Re: [Samba] Sysvolreset

Date: Thu, 11 Jan 2018 15:50:40 -0200
From: Carlos via samba <samba@xxxxxxxxxxxxxxx>
Subject: Re: [Samba] Sysvolreset

Hi,

how do I do that ?
And what would be the possible problems? (Both are in production)

"One way to avoid that would be to copy idmap.ldb from your first DC tothe other two DCs."


Regards;


On 11-01-2018 14:42, Denis Cardon wrote:

Hi Carlos,


DC to DC2/DC3 ->

 /usr/bin/rsync  -XAaz --delete-after /opt/samba/var/locks/sysvol
root@samba-dc102:/opt/samba/var/locks/

 /usr/bin/rsync  -XAaz --delete-after /opt/samba/var/locks/sysvol
root@samba-dc102:/opt/samba/var/locks/

looking at your smb.conf file, you are using tdb idmap (default onDC). So the UID/SID mapping will be different on the different DC, andyour rsync will thus mess up the ACLs of sysvol. ACLs on sysvol arevery important, otherwise GPO won't be applied.


So it is logic for you to have to apply sysvolreset after your rsync.

One way to avoid that would be to copy idmap.ldb from your first DC tothe other two DCs. The other way would be to configure rfc2307, butI'd say it is too much of a hassle.


Cheers,

Denis


Regards


On 10-01-2018 11:59, Carlos wrote:

Hi!

I have 3 Samba 4 , version 4.7.3 running in Ubuntu Server 16.04.

All is ok, but GPO in DC3, with erro the permission, with dont load in
windows(gpresult /force).


My smb.conf all samba server DC.


[global]
        netbios name = SAMBA-DC103
        realm = <DOMAIN>
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
drepl, winbindd, ntp_signd, kcc, dnsupdate
        workgroup = XXXXXXX

        ldap server require strong auth = no

[netlogon]
        path = /opt/samba/var/locks/sysvol/<DOMAIN>/scripts
        read only = No

[sysvol]
        path = /opt/samba/var/locks/sysvol
        read only = No




For resolved, i with run "samba-tool ntacl sysvolreset" , but i see a
not good ideia..(
https://lists.samba.org/archive/samba/2017-March/207236.html)


Any ?


Regards;


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Follow-Ups:
- Re: [Samba] Sysvolreset
  - From: Kacper Wirski via samba
- Re: [Samba] Sysvolreset
  - From: Rowland Penny via samba

References:
- [Samba] Sysvolreset
  - From: Carlos via samba
- Re: [Samba] Sysvolreset
  - From: Carlos via samba
- Re: [Samba] Sysvolreset
  - From: Denis Cardon via samba

Prev by Date: Re: [Samba] Sysvolreset
Next by Date: [Samba] Is there any way to import a samba ldb database?
Previous by thread: Re: [Samba] Sysvolreset
Next by thread: Re: [Samba] Sysvolreset
Index(es):
- Date
- Thread

lists-archives.com

Re: [Samba] Sysvolreset