Project

General

Profile

Tâche #29629

Updated by Gilles Grandgérard about 1 year ago

Lors d'un backup Samba, la sauvegarde s'arrete car l'un des fichiers de 'sysvol' est bloqués.
<pre>


Il est nécessaire de redémarrer Samba pour couper ces sessions, avant de lancer la sauvegarde. root@seth:/usr/share/eole/schedule/scripts# diff samba_backup*
21a22,23
> #systemctl restart samba-ad-dc
>
25c27
< samba-tool domain exportkeytab "$KEYFILE" --principal="$USER" 2> /dev/null
---
> samba-tool domain exportkeytab "$KEYFILE" --principal="$USER"
29c31
< /usr/share/eole/sbin/samba_backup "$REPORT" "$WHERE" "$SERVER" "$1" > /dev/null 2> /dev/null
---
> /usr/share/eole/sbin/samba_backup "$REPORT" "$WHERE" "$SERVER" "$1" > /dev/null

</pre>

<pre>
samba-tool ntacl sysvolcheck
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO file /home/sysvol/eep.loc/Policies/{CB17F08C-69C6-4038-B4D1-49C1512CE484}/User/Registry.pol O:BAG:DUD:(A;;0x001f01ff;;;DA)(A;;0x001f01ff;;;EA)(A;;0x001f01ff;;;BA)(A;;0x001f01ff;;;SY)(A;;0x001200a9;;;AU)(A;;0x001200a9;;;ED) does not match expected value O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 270, in run
lp)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1836, in checksysvolacl
direct_db_access)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1787, in check_gpos_acl
domainsid, direct_db_access)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1744, in check_dir_acl
raise ProvisioningError('%s ACL on GPO file %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), os.path.join(root, name), fsacl_sddl, acl))


pour vérifier les </pre>

idée: des
scripts de GPO qui sont toujours "tenus": "tenus"
<pre>
lsof /home/sysvol/<domain>/Policies/<gpo uid>/User/Scripts/Logon /home/sysvol/eep.loc/Policies/{CB17F08C-69C6-4038-B4D1-49C1512CE484}/User/Scripts/Logon
lsof /home/sysvol/
lsof
-D /home/sysvol
net status sessions
lsof
</pre>
si des fichiers apparaissent, la sauvegarde va se plantér.

il faut executer (dans ADDC, ou sur Seth):
systemctl stop samba-ad-dc
systemctl start samba-ad-dc
samba-tool ntacl sysvolcheck
samba-tool ntacl sysvolreset

Back