Web lists-archives.com

Re: [Samba] Sysvolreset


how do I do that ?
And what would be the possible problems? (Both are in production)

"One way to avoid that would be to copy idmap.ldb from your first DC to the other two DCs."


On 11-01-2018 14:42, Denis Cardon wrote:
Hi Carlos,

DC to DC2/DC3 ->

 /usr/bin/rsync  -XAaz --delete-after /opt/samba/var/locks/sysvol

 /usr/bin/rsync  -XAaz --delete-after /opt/samba/var/locks/sysvol

looking at your smb.conf file, you are using tdb idmap (default on DC). So the UID/SID mapping will be different on the different DC, and your rsync will thus mess up the ACLs of sysvol. ACLs on sysvol are very important, otherwise GPO won't be applied.

So it is logic for you to have to apply sysvolreset after your rsync.

One way to avoid that would be to copy idmap.ldb from your first DC to the other two DCs. The other way would be to configure rfc2307, but I'd say it is too much of a hassle.




On 10-01-2018 11:59, Carlos wrote:

I have 3 Samba 4 , version 4.7.3 running in Ubuntu Server 16.04.

All is ok, but GPO in DC3, with erro the permission, with dont load in
windows(gpresult /force).

My smb.conf all samba server DC.

        netbios name = SAMBA-DC103
        realm = <DOMAIN>
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
drepl, winbindd, ntp_signd, kcc, dnsupdate
        workgroup = XXXXXXX

        ldap server require strong auth = no

        path = /opt/samba/var/locks/sysvol/<DOMAIN>/scripts
        read only = No

        path = /opt/samba/var/locks/sysvol
        read only = No

For resolved, i with run "samba-tool ntacl sysvolreset" , but i see a
not good ideia..(

Any ?


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba