similar to: Missing Policies folder in AD and /var/lib/samba/sysvol

Hi, I am finally revisiting my sysvol share (GPOs haven't been working for me for quite some time) and trying to get permissions sorted properly on it. For many years, "samba-tool ntacl sysvolreset" has always failed for me with errors that I have been unable to solve. Previously I have used guidance from Louis and got things working, but my sysvol is currently in a broken state.

On Wed, 17 Jul 2019 at 17:58, Rowland penny via samba <samba at lists.samba.org> wrote: > > On 17/07/2019 17:43, Kris Lou via samba wrote: > > I had thought that the conventional wisdom was that ntacl sysvolreset > > should be mostly avoided once relative stability achieved and additional > > GPO's created. > > > >

piggybacking on the "Syncing Sysvol" thread ... I had thought that the conventional wisdom was that ntacl sysvolreset should be mostly avoided once relative stability achieved and additional GPO's created. https://wiki.samba.org/index.php/Sysvolreset Has this changed recently? Kris Lou klou at themusiclink.net

On Jul 24 13:30:11 2023 Rowland Penny via samba <samba at lists.samba.org> wrote: > On 24/07/2023 17:46, Mark Foley via samba wrote: > > I removed the new computer from the domain and deleted the smb.conf file. I then > > did: > > > > samba-tool domain join hprs.local DC --option='idmap_ldb:use rfc2307 = yes' -U Administrator [deleted] > It sounds

Progress maybe... I tried running sysvolcheck with strace and noticed something really odd.... This was in the trace: getxattr("/var/lib/samba/sysvol/samdom.example.com/Policies/{6AC1786C-016F-11D2-945F-00C04fB984F9}", "security.NTACL", NULL, 0) = -1 ENOENT But I knew that folder was in my sysvol folder: ??? [drwxrwx--- root???? BUILTIN\administrators]

On 18/07/2019 14:11, Jonathan Hunter via samba wrote: > On Wed, 17 Jul 2019 at 17:58, Rowland penny via samba > <samba at lists.samba.org> wrote: >> On 17/07/2019 17:43, Kris Lou via samba wrote: >>> I had thought that the conventional wisdom was that ntacl sysvolreset >>> should be mostly avoided once relative stability achieved and additional >>>

Rowland and Michael... Thanks for the help - it sounds like I should be close to getting this working. More troubleshooting... Here is what my test Samba AD has after being freshly provisioned: [drwxr-xr-x root???? root??? ] /var/lib/samba/sysvol/sambatest327.com/Policies ??? [drwxr-xr-x root???? root??? ] {31B2F340-016D-11D2-945F-00C04FB984F9} ??? ??? [-rwxrwx--- root???? 3000000 ]?

Hello all, Hoping I never have to restore it, I'm trying to do an offline backup of my domain. On a DC I "croned" /usr/bin/samba-tool domain backup offline --targetdir=/usr/local/backups/samba The backup systematically fails leaving a folder INCOMPLETEsambabackupfileXXXXX with a small .tar inside. If I run it "by hand", I get the same result. The (what I think is the)

On 13/10/24 6:53 am, Carlos Jesus via samba wrote: > Hello all, > Hoping I never have to restore it, I'm trying to do an offline backup of my > domain. On a DC I "croned" /usr/bin/samba-tool domain backup offline > --targetdir=/usr/local/backups/samba > > The backup systematically fails leaving a folder > INCOMPLETEsambabackupfileXXXXX with a small .tar inside.

Try this maintenance procedures and report back: http://samba.bigbird.es/doku.php?id=samba:dc-maintenance ?? ?Find and delete ?tombstone? items samba-tool domain tombstones expunge --tombstone-lifetime=0 ?? ?Check domain databases and automatically fix things. samba-tool dbcheck --cross-ncs --fix --yes On 12 Oct 2024 at 18:53 +0100, Carlos Jesus via samba <samba at lists.samba.org>,

I have Samba 4.5.3 working fine as an AD DC and DNS provider. I now need to set up a group policy on the DC but I am having problems with the internal sysvol and netlogon shares. Via the Windows Group Policy Manager snap-in I successfully created a GPO specifying the DC as the primary time source for all clients, using the Administrator user ...but my windows domain test client

On 1/12/2017 2:09 PM, Rowland Penny via samba wrote: > On Thu, 12 Jan 2017 20:46:15 +0200 > Richard via samba <samba at lists.samba.org> wrote: > >> Hi James >> >> The output is as follows... >> >> wbinfo --gid-info=10013 => CT\domain admins:x:10013: >> >> wbinfo --uid-info=3000008 => CT\domain >>

Dug deeper (i.e. into the source code)... no answer yet. The samba join process is failing when fetching the domain's machine password from the secrets.tdb database, which presumably it has just built as part of the JOIN.. Specifically, it is looking for an entry: "SECRETS/$MACHINE.ACC/OFFICE" in secrets.tdb. When that fails, samba looks in secrets.ldb in "cn=Primary

Hello, I am wondering whether I have all pieces together for a scenatio with two DCs and GPOs being used. Obviously the GPOs need to be replicated between DCs, I use "osync" as per the samba wiki (https://wiki.samba.org/index.php/Bidirectional_Rsync/osync_based_SysVol_replication_workaround). In that documentation the sysvolreset command is issued every time on the second DC after

On 10/4/2016 11:22 AM, Rowland Penny via samba wrote: > See inline comments: > > On Tue, 4 Oct 2016 10:44:07 -0400 > Bob Thomas via samba <samba at lists.samba.org> wrote: > >> Hey Samba team - Thanks for all your work >> >> I have three production samba 4 DCs 2 running on Ubuntu 16.04 (Samba >> 4.4.5 and 4.4.4) and one on 14.04 (Samba 4.3.3) all

Try: http://samba.bigbird.es/doku.php?id=samba:sync-sysvol I would recommend one way sync always from PDC FSMO owner, as this is the machine the GPOs get created in by default. And of course : http://samba.bigbird.es/doku.php?id=samba:sync-idmap.ldb Regards. LP On 5 Dec 2023 at 13:47 +0100, Jakob Curdes via samba <samba at lists.samba.org>, wrote: > Hello, > > I am wondering

Hi, in this thread: https://lists.samba.org/archive/samba/2019-July/224365.html Joachim Lindenberg reminded me that he was using smbclient to sync Sysvol. He posted (in the link above) a link to his original post: https://lists.samba.org/archive/samba/2019-July/224346.html Here he posted a copy of his script. I personally would never have thought about using smbclient, but it just goes to

Hi everyone, So, I am working with an AD environment where there is one 2008R2 DC (which holds the PDC emulator FSMO role) and one Samba DC running on Ubuntu 14.04 (Samba Version 4.1.6-Ubuntu). I have been trying to set up the rsync workaround for SYSVOL replication, but I've been unable to get it working properly due to the inability to compile rsync with xattr support under Windows. My

Hi James The output is as follows... wbinfo --gid-info=10013 => CT\domain admins:x:10013: wbinfo --gid-info=10014 => CT\domain users:x:10014: wbinfo --uid-info=3000000 => BUILTIN\administrators:*:3000000:3000000::/home/BUILTIN/administrators:/bin/false wbinfo --uid-info=3000008 => CT\domain admins:*:3000008:3000008::/home/CT/domain admins:/bin/false Yes I have set

Hi Andrew, thanks so much for the feedback. Yes, you're 100% right. I'm new at this and originally changed the default GPO, however subsequently reset the default and created a new GPO. (so this getfacl output is post creation of a new GPO) The getfacl output is shown here: # getfacl /usr/local/samba/var/locks/sysvol/mydomain.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}