On 23/05/2023 11:15, d tbsky via samba wrote:> Hi:
> I am using samba 4.18.2 as domain controller. It is working fine
> with no problems.
> My samba data is 10 years old after many migrate/upgrade(both os and
> samba) . normally I only run "samba-tool dbcheck" after samba
upgrade.
> today I want to spent some time to sysvol and found it failed
> immediately:
>
> /usr/local/samba/bin/samba-tool ntacl sysvolcheck
> ERROR(<class 'OSError'>): Could not access
> /usr/local/samba/var/locks/sysvol/ad.example.com: No data available -
> [Errno 61] No data available:
> '/usr/local/samba/var/locks/sysvol/ad.example.com'
>
> searching the list I realized my problem is similar to the discussion
below:
> https://lists.samba.org/archive/samba/2023-April/244714.html
>
> I don't have ntacl extend attribute for directories below(getfattr -d
> -m- return no ntacl):
> "/usr/local/samba/var/locks/sysvol/ad.example.com"
> "/usr/local/samba/var/locks/sysvol/ad.example.com/scripts"
> "/usr/local/samba/var/locks/sysvol/ad.example.com/Policies"
>
> but sub-directories under "Policies" seem fine. They have ntacl
> extended attributes and all my group policies work fine.
>
> I wonder how to fix the ntacl of the three directories? I don't know
> what "samba-tool ntacl sysvolrest" do so I don't want to
execute that
> command blindly.
>
What sysvolreset does is basically what it says, it resets the
permissions on the sysvol directories. It is the fix you require,
provided the GPO's are there and that idmap.ldb is in sync on all DC's.
If you still have doubts, just ask and I will go into it in much deeper.
Rowland