Hi Rowland 1. Yes, i compiled on dc01, compile/install on dc02 and join to dc01 and compile/install on dc03 and join dc01, without problem. 2. Yes, the GPO's is sync across with rsync (from dc01 to dc02 and dc03) . About the question: but have you checked that the sync actually worked ? ... Mmm, only checks the folder and perms is sync inside the clients. Saludos. --- Miguel Coa M. El jue, 6 oct 2022 a las 10:05, Rowland Penny via samba (< samba at lists.samba.org>) escribi?:> > > On 06/10/2022 13:03, Miguel Angel Coa M. via samba wrote: > > Hi, > > I've Samba 4.16 with 3 nodes.. sambadc01, sambadc02 and sambadc03 with > > Rocky Linux 8 . The sysvol sync by rsync method ( > > > https://wiki.samba.org/index.php/Rsync_based_SysVol_replication_workaround > ) > > , but i ve problem with check and reset permissions into secondary nodes > > (sambadc02 and sambadc03) in boths i have the next error > > > > The rsync is from sambadc01 to sambadc02 an sambadc03 > > > > I take it that you compiled Samba on the first DC and then either copied > this to the other two, or you compiled Samba on all three. > You then provisioned DC01 and joined DC02 & DC03 to your new domain, or > something similar. > > When a new domain is provisioned (and a new DC is created), two default > GPO's are installed on the DC, this doesn't happen when new DC's are > joined to the domain. It sounds like you have copied the GPO's across > with rsync, but have you checked that the sync actually worked ? > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On 06/10/2022 15:35, Miguel Angel Coa M. wrote:> Hi Rowland > 1. Yes, i compiled on dc01, compile/install??on dc02 and join to dc01 > and compile/install on dc03 and join dc01, without?problem. > 2. Yes, the GPO's is sync across with rsync? (from dc01 to dc02 and dc03) . > > About the question: but have you checked that the sync actually worked ? > ... Mmm, only checks the folder and perms is sync inside the clients.What I meant was, did Sysvol get copied across to the two new DC's, are the files actually there ? GPO's are stored in two places, on Disc in the sysvol directory and also in the AD database. sysvolcheck reads the GPO's from AD and then 'walks' the found GPO's, one by one in sysvol on disc. The errors could be caused by you having, lets say, three GPO's in AD, but only two (or less) on disc. Another thing to look at is selinux (if it is being used), this could also be denying access, remember that red-hat doesn't really want you to use Samba as a DC on its OS, so there is no selinux conf for a Samba DC. (yes, I know that you are using Rocky Linux, but that is red-hat recompiled) Rowland