On 27/07/2023 23:03, Mark Foley via samba wrote:> On Tue Jul 25 15:34:15 2023 Rowland Penny <rpenny at samba.org>
wrote:
>
>> On 25/07/2023 20:09, Mark Foley via samba wrote:
>>
>>> One of the recommended solutions was using rsync, similar to what I
theorized.
>>> I'll try that and post back.
>
> [deleted]
>
> OK, I did the rsync method for SysVol replication. It appears to have
worked and
> copied the ACLs as well.
>
> I then ran the sysvolreset. It tool longer, but still gave some errors,
though
> not as many:
>
> # samba-tool ntacl sysvolreset
> set_nt_acl_conn: init_files_struct failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
> ERROR(runtime): uncaught exception - (3221225524, 'The object name is
not found.')
> File
"/usr/lib64/python3.9/site-packages/samba/netcmd/__init__.py", line
186, in _run
> return self.run(*args, **kwargs)
> File
"/usr/lib64/python3.9/site-packages/samba/netcmd/ntacl.py", line 412,
in run
> provision.setsysvolacl(samdb, netlogon, sysvol,
> File
"/usr/lib64/python3.9/site-packages/samba/provision/__init__.py", line
1754, in setsysvolacl
> set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp,
use_ntvfs, passdb=s4_passdb)
> File
"/usr/lib64/python3.9/site-packages/samba/provision/__init__.py", line
1630, in set_gpos_acl
> setntacl(lp, root_policy_path, POLICIES_ACL, str(domainsid),
session_info,
> File "/usr/lib64/python3.9/site-packages/samba/ntacls.py",
line 228, in setntacl
> smbd.set_nt_acl(
>
> Is this ignorable? Fixable? It doesn't mean much to me.
>
> Note that samba is not yet running, nor is the DNS working yet.
>
> Thanks --Mark
>
Samba stores the GPOs in sysvol and in AD. The way that sysvolreset
works is, it reads the GPOs in AD and then uses this information to set
the permissions for the GPOs on disk. It looks to me that you have more
GPO's in AD than you have on disk, it is trying to set the permissions
for a GPO that isn't on disk. I would compare sysvol on both machines.
Rowland