samba - May 2020 - rsync replication acl error

I am trying to replicate a samba-4.3 DC [192.168.8.65] to a newly joined
samba-4.10 DC.  I am using rsync as described in the samba wiki, excepting that
I am using a remote shell (ssh) with the root user and password-less logins.

When I run the command below from the 4.10 DC I get acl errors as shown below.

rsync -XAavz --delete-after --rsh='ssh'
[192.168.8.65]:/var/db/samba4/sysvol
/var/db/samba4
receiving file list ... done
rsync: set_acl: sys_acl_set_file(sysvol, ACL_TYPE_ACCESS): Invalid argument (22)
. . . many more errors.

On DC1 I see this:
getfacl /var/db/samba4/sysvol/brockley-2016.harte-lyne.ca
# file: /var/db/samba4/sysvol/brockley-2016.harte-lyne.ca
# owner: root
# group: BUILTIN\administrators
user::rwx
user:root:rwx
user:BUILTIN\administrators:rwx
user:BUILTIN\server operators:r-x
user:3000002:rwx
user:3000003:r-x
group::rwx
group:BUILTIN\administrators:rwx
group:BUILTIN\server operators:r-x
group:3000002:rwx
group:3000003:r-x
mask::rwx
other::---

On DC2 I see this:

getfacl /var/db/samba4/sysvol/brockley-2016.harte-lyne.ca
# file: /var/db/samba4/sysvol/brockley-2016.harte-lyne.ca
# owner: root
# group: 3000000
            owner@:rwxp--aARWcCos:-------:allow
            group@:rwxp--a-R-c--s:-------:allow
         everyone@:------a-R-c--s:-------:allow

The sysvol directory tree and contents are copied however.  Just not the acls.

/var/db/samba4/sysvol/brockley-2016.harte-lyne.ca
|-- Policies
|   |-- {246C4B33-10C0-4718-8396-F4B2BF39C610}
|   |   |-- Machine
|   |   `-- User
|   |-- {31B2F340-016D-11D2-945F-00C04FB984F9}
|   |   |-- MACHINE
|   |   |   |-- Applications
|   |   |   `-- Scripts
|   |   |       |-- Shutdown
|   |   |       `-- Startup
|   |   `-- USER
|   |       |-- Documents\ &\ Settings
|   |       `-- Scripts
|   |           |-- Logoff
|   |           `-- Logon
|   `-- {6AC1786C-016F-11D2-945F-00C04FB984F9}
|       |-- MACHINE
|       `-- USER
`-- scripts


Is there some setting or option that I am missing or misusing? Is there
something that I have not configured for samba on DC2?

P.S. I am subscribed to the digest version of this list so the favour of a
direct copy of any replies to the list is appreciated.


-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

On 09/05/2020 14:21, James B. Byrne via samba wrote:
> I am trying to replicate a samba-4.3 DC [192.168.8.65] to a newly joined
> samba-4.10 DC.  I am using rsync as described in the samba wiki, excepting
that
> I am using a remote shell (ssh) with the root user and password-less
logins.
>
> When I run the command below from the 4.10 DC I get acl errors as shown
below.
>
> rsync -XAavz --delete-after --rsh='ssh'
[192.168.8.65]:/var/db/samba4/sysvol
> /var/db/samba4
> receiving file list ... done
> rsync: set_acl: sys_acl_set_file(sysvol, ACL_TYPE_ACCESS): Invalid argument
(22)
> . . . many more errors.
>
> On DC1 I see this:
> getfacl /var/db/samba4/sysvol/brockley-2016.harte-lyne.ca
> # file: /var/db/samba4/sysvol/brockley-2016.harte-lyne.ca
> # owner: root
> # group: BUILTIN\administrators
> user::rwx
> user:root:rwx
> user:BUILTIN\administrators:rwx
> user:BUILTIN\server operators:r-x
> user:3000002:rwx
> user:3000003:r-x
> group::rwx
> group:BUILTIN\administrators:rwx
> group:BUILTIN\server operators:r-x
> group:3000002:rwx
> group:3000003:r-x
> mask::rwx
> other::---
>
> On DC2 I see this:
>
> getfacl /var/db/samba4/sysvol/brockley-2016.harte-lyne.ca
> # file: /var/db/samba4/sysvol/brockley-2016.harte-lyne.ca
> # owner: root
> # group: 3000000
>              owner@:rwxp--aARWcCos:-------:allow
>              group@:rwxp--a-R-c--s:-------:allow
>           everyone@:------a-R-c--s:-------:allow
>
Are you using the same filesystem on both machines ?

The first looks like standard ACL's but the second looks like nfs4acls.

Rowland