
Re: [Samba] Problem achieving manual synchronisation of idmap.ldb and the associated User and Group ID mappings between two Samba 4 AD DCs

Oops, I think my eyes glazed over. I am pretty sure that idmap.ldb should be owned by root and in group root. This is easily fixed, though:

pi@ad2:/var/lib/samba/private $ sudo chown root:root /var/lib/samba/private/idmap.ldb

Another ls command then confirms the updated privileges.

pi@ad2:/var/lib/samba/private $ ls -al
total 10124
drwxr-xr-x 7 root root    4096 Mar 26 10:55 .
drwxr-xr-x 8 root root    4096 Mar 26 10:09 ..
-rw------- 1 root root    2069 Mar 25 16:43 dns_update_cache
-rw-r--r-- 1 root root    3663 Mar 25 16:42 dns_update_list
-rw------- 1 root root 1286144 Mar 25 16:42 hklm.ldb
-rw------- 1 root root   61440 Mar 26 09:57 idmap.ldb
-rw-r--r-- 1 root root      99 Mar 25 16:42 krb5.conf
srwxrwxrwx 1 root root       0 Mar 26 10:09 ldapi
drwxr-x--- 2 root root    4096 Mar 26 10:09 ldap_priv
drwx------ 2 root root    4096 Mar 26 10:54 msg.sock
-r--r--r-- 1 root root     300 Mar 25 16:43 named.conf.update
-rw------- 1 root root     696 Mar 26 10:09 netlogon_creds_cli.tdb
-rw------- 1 root root  421888 Mar 25 16:42 passdb.tdb
-rw------- 1 root root 1286144 Mar 25 16:42 privilege.ldb
-rw------- 1 root root 4247552 Mar 25 16:43 sam.ldb
drwx------ 2 root root    4096 Mar 25 16:43 sam.ldb.d
-rw------- 1 root root     696 Mar 26 10:08 schannel_store.tdb
-rw------- 1 root root    1182 Mar 25 16:43 secrets.keytab
-rw------- 1 root root 1286144 Mar 25 16:43 secrets.ldb
-rw------- 1 root root  430080 Mar 25 16:43 secrets.tdb
-rw------- 1 root root 1286144 Mar 25 16:42 share.ldb
drwxr-xr-x 2 root root    4096 Mar 25 16:43 smbd.tmp
-rw-r--r-- 1 root root     955 Mar 25 16:42 spn_update_list
drwx------ 2 root root    4096 Mar 25 16:44 tls

Sadly, even with this change, I still see the originally described issue, i.e.

pi@ad2:/var/lib/samba/private $ sudo systemctl restart samba-ad-dc
pi@ad2:/var/lib/samba/private $ sudo samba-tool ntacl sysvolreset
open: error=2 (No such file or directory)
ERROR(runtime): uncaught exception - (-1073741823, 'Undetermined error')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 239, in run
    lp, use_ntvfs=use_ntvfs)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1609, in setsysvolacl
    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1502, in set_gpos_acl
    use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=SYSVOL_SERVICE)
  File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 162, in setntacl
    smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)

If anyone knows what might be causing this I would appreciate the heads-up.

Thanks in Advance
Stephen Ellwood
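A defender-side check for the ownership drift the post corrected, added here as an example that is not part of the original message or of Samba itself: it walks a Samba private directory and flags entries not owned by the expected user and group (root:root on a DC) or .ldb/.tdb databases with any group/other permission bits set. The expected owner, group and the 0600 rule for the database files are assumptions drawn from the listing above, not documented Samba requirements.

```shell
#!/bin/sh
# Added example, not code from the list post or from Samba.
# Audit a Samba AD DC private directory for ownership/permission drift
# before running sysvolreset. Assumptions: everything under DIR should
# belong to OWNER:GROUP (default root:root) and the .ldb/.tdb databases
# should be mode 0600, matching the ls -al listing from the post.
# Paths are assumed to contain no whitespace (true for this directory).

# audit_samba_private DIR [OWNER] [GROUP]
# Prints one line per offending entry; returns 0 if clean, 1 otherwise.
audit_samba_private() {
    dir=$1
    owner=${2:-root}
    group=${3:-root}
    n=0

    # 1. Entries not owned by OWNER:GROUP (the idmap.ldb case in the post).
    for f in $(find "$dir" \( ! -user "$owner" -o ! -group "$group" \)); do
        echo "WRONG OWNER: $f (expected $owner:$group)"
        n=$((n + 1))
    done

    # 2. Database files with any group/other bit set (-perm /077, GNU find).
    for f in $(find "$dir" -type f \( -name '*.ldb' -o -name '*.tdb' \) -perm /077); do
        echo "WRONG MODE: $f (expected 0600)"
        n=$((n + 1))
    done

    [ "$n" -eq 0 ]
}

# Stand-alone usage: audit the real directory on a DC (needs root to read it).
# sudo sh -c '. ./audit.sh; audit_samba_private /var/lib/samba/private'
```

A clean result only covers the ownership and mode drift shown above; the post's sysvolreset failure ("open: error=2") persisted after the chown, so this check does not rule that condition out.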

