Following the wiki replication guide precisely, I got as far as this step:
[root at smb4-2 ~ (master)]# rsync -XAavz --delete-after
smb4-1.brockley.harte-lyne.ca:/var/db/samba4/sysvol/ /var/db/samba4/sysvol/
receiving file list ... done
./
brockley.harte-lyne.ca/
. . .
brockley.harte-lyne.ca/scripts/
sent 142 bytes received 1,683 bytes 3,650.00 bytes/sec
total size is 182 speedup is 0.10
[root at smb4-2 ~ (master)]# samba-tool ntacl sysvolreset
Processing section "[sysvol]"
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[netlogon]"
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
true' and
'force unknown acl user = true' for service Unknown Service (snum == -1)
Processing section "[sysvol]"
Processing section "[netlogon]"
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
true' and
'force unknown acl user = true' for service sysvol
set_canon_ace_list: sys_acl_set_file type file failed for file
/var/db/samba4/sysvol (Invalid argument).
set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_PARAMETER.
ERROR(runtime): uncaught exception - (3221225485, 'An invalid parameter was
passed to a service or function.')
File
"/usr/local/lib/python3.7/site-packages/samba/netcmd/__init__.py",
line
185, in _run
return self.run(*args, **kwargs)
File "/usr/local/lib/python3.7/site-packages/samba/netcmd/ntacl.py",
line
283, in run
lp, use_ntvfs=use_ntvfs)
File
"/usr/local/lib/python3.7/site-packages/samba/provision/__init__.py",
line 1735, in setsysvolacl
_setntacl(sysvol)
File
"/usr/local/lib/python3.7/site-packages/samba/provision/__init__.py",
line 1732, in _setntacl
service=SYSVOL_SERVICE, session_info=session_info)
File "/usr/local/lib/python3.7/site-packages/samba/ntacls.py", line
232, in
setntacl
service=service, session_info=session_info)
However, when I check the ACLs on smb4-2 after the failed sysvolreset, I see this:
[root at smb4-2 ~ (master)]# getfacl /var/db/samba4/sysvol
# file: /var/db/samba4/sysvol
# owner: root
# group: 3000000
owner@:rwxp----------:-------:deny
owner@:------aARWcCos:-------:allow
group@:rwxp--a-R-c--s:-------:allow
everyone@:------a-R-c--s:-------:allow
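This does not appear to match smb4-1, where the ACL consists of explicit group entries carrying the inheritance flags (fd) rather than the owner@/group@/everyone@ entries shown above: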
[root at smb4-1 ~ (master)]# getfacl /var/db/samba4/sysvol
# file: /var/db/samba4/sysvol
# owner: root
# group: 3000000
group:3000000:rwxpDdaARWcCo-:fd-----:allow
group:3000001:r-x---a-R-c---:fd-----:allow
group:3000002:rwxpDdaARWcCo-:fd-----:allow
group:3000003:r-x---a-R-c---:fd-----:allow
So, I am not sure where to go from here.
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Unencrypted messages have no legal claim to privacy
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3