Re: [Samba] samba4 PDC to BDC file replication
On Sun, Mar 03, 2013 at 02:41:35PM +1000, C Waddy wrote: No luck so far with a suitable solution for file replication to BDC and retain ntfs perms.. After testing again with Rsync, it will not preserve NTFS permissions, no matter what flags are used? Glusterfs is cool but only for 64 Bit systems. There must be a solution to this with Samba4, anyone using a tested and working Method? Without the replication of folders/files with NTFS ACL's we can't use Samba4 in our Business which is very frustrating :( Are you talking about a filesystem mounted from Linux formatted as NTFS ? Or a normal Samba filesystem (e.g. ext4) with Samba-style NTFS permissions stored on it ? If the latter, and rsync isn't copying the Samba NTFS permissions, I have an idea as to what may be wrong here. Might need an rsync patch :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] sysvolreset failing on glusterfs
Hi, I'm trying to setup a domain with two DCs based on 4.0.3. Following some hint, I wanna use glusterfs for the sysvol. Glusterfs it runs nicely. I can set acls on both machines using setfacl and the other one lists them almost immediately with getfacl. But running samba-tool ntacl sysvolreset is failing badly giving the following error. In a later attempt, without significant changes I remember, the script more or less seemed to work and created indeed ACEs, but still came up with this error after some minutes. root@dc1:~# samba-tool ntacl sysvolreset set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_NOT_SUPPORTED. ERROR(runtime): uncaught exception - (-1073741637, 'NT_STATUS_NOT_SUPPORTED') File /opt/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /opt/samba/lib/python2.6/site-packages/samba/netcmd/ntacl.py, line 214, in run lp, use_ntvfs=use_ntvfs) File /opt/samba/lib/python2.6/site-packages/samba/provision/__init__.py, line 1563, in setsysvolacl setntacl(lp,sysvol, SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=s4_passdb) File /opt/samba/lib/python2.6/site-packages/samba/ntacls.py, line 154, in setntacl smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd) Running mount is showing the target fs without ACLs, although they do work, as said before, and although I do have mounted the fs using -o acl,rw. The underlying ext3 fs is of cause running with acls enabled, too. This is what mount looks like for the involved fs's: fusectl on /sys/fs/fuse/connections type fusectl (rw) /dev/xvda3 on /var/glusterfs/brick1 type ext3 (rw,acl,user_xattr) localhost:/dc-vol on /export/dc-vol type fuse.glusterfs (rw,allow_other,max_read=131072) Andreas -- Andreas Gaiser, Berlin, Germany -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 as domain member and file server
Hi guys, I'm having trouble setting up my file server running Samba 4 (4.0.3). I had no problem joining the domain (also a Samba 4 (4.0.3) with AD) but I can't get the ACL to work properly. I'm sure my settings are wrong and hoping for some help. When I try to set a user permission I get this error: setfacl -m u:administrator:rwx test3.txt setfacl: test3.txt: Malformed access ACL `user::rw-,group::r--,group:adm:rwx,mask::rwx,other::r--,user:4294967295:rwx': Missing or wrong entry at entry 6 Byt when I try to set a group I don't get any error, but the settings does not stick: root@sto-file01:/var/files# setfacl -m g:domain users:rwx test3.txt root@sto-file01:/var/files# getfacl test3.txt # file: test3.txt # owner: root # group: root user::rw- group::r-- group:adm:rwx mask::rwx other::r-- My smb.conf: # Global parameters [global] workgroup = CORP realm = corp.lo netbios name = STO-FILE01 security = ADS encrypt passwords = Yes map untrusted to domain = Yes idmap backend = ad winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind nss info = rfc2307 idmap config corp:range = 1000-20 idmap config corp:schema_mode = rfc2307 idmap config corp:backend = ad create mask = 0777 directory mask = 0777 [files] path = /var/files read only = No Wbinfo: wbinfo -i jjn jjn:*:4294967295:4294967295:Johan Johansson:/home/CORP/jjn:/bin/false getfacl: getfacl test3.txt # file: test3.txt # owner: root # group: root user::rw- group::r-- group:adm:rwx mask::rwx other::r-- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba rodc
Hello What is the status of the samba RODC? I'm trying to setup a PDC - RODC schema and this is what i do On my RODC kinit administrator then samba-tool domain join my domain.com rodc -U Administrator The sync is complete Committing SAM database Sending DsReplicateUpdateRefs for all the replicated partitions Setting RODC invocationId Setting isSynchronized and dsServiceName Setting up secrets database Joined domain FORSA (SID S-1-5-21-3380525496-3468030855-4252408690) as an RODC But after that i see this on my PDC log 2013/03/03 19:54:50, 0] ../source4/librpc/rpc/dcerpc_util.c:660(dcerpc_pipe_auth_recv) Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for e3514235-4b06-11d1-ab04-00c04fc2dcd2@ncacn_ip_tcp:37a0236c-89bb-481c-95e9-257682646e2a._msdcs.forsa.com.co[1024,seal,krb5] NT_STATUS_UNSUCCESSFUL And in my RODC i see this Default-First-Site-Name\BDC DSA Options: 0x0025 DSA object GUID: 37a0236c-89bb-481c-95e9-257682646e2a DSA invocationId: 64f4a862-309d-4a0d-a3de-5aa8998da68a INBOUND NEIGHBORS ERROR(runtime): DsReplicaGetInfo of type 0 failed - (8453, 'WERR_DS_DRA_ACCESS_DENIED') I don't know where else to search. Appreciate your help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba