Univention Bugzilla – Bug 42097
sysvol-sync on other DCs fails when disabled on the master
Last modified: 2016-11-28 14:51:06 CET
Ticket#: 2016082321000445 When the sysvol-sync cron job has been disabled on the master, other DCs may not be able to sync the sysvol from the master. This is the error message in /var/lock/univention/sysvol-sync.log from a DC that is failing to synchronize: =========================================================================== bash: /var/lock/sysvol-sync-dir: Keine Berechtigung 14:11:32 ERROR [master] Could not aquire remote read lock after 30 seconds. 14:11:32 ERROR [master] Skipping sync to local sysvol! =========================================================================== This happens because the sysvol-sync script on the master is responsible to set the permissions for /var/lock/sysvol-sync-dir to be writeable for "DC Slave Hosts". +++ This bug was initially created as a clone of Bug #40346 +++ Please provide a 4.0-4-errata backport. +++ This bug was initially created as a clone of Bug #40186 +++ There has been at least one report of broken fACLs in sysvol. The primary suspect is sysvol-sync. There might be issues coming from concurrent reads from and writes to /var/lib/samba/sysvol. There are at least threee ideas on how to improve this: a) Lock the sysvol while operating on it (e.g. man flock) b) First check with "rsync -au --dry-run" if copying is required at all c) Generate a consistent sysvol copy for the reading rsync processes
Looks like a local customer issue because we set the permissions in univention-samba4-sysvol-sync.postinst and the code block in question has been executed as witnessed by the fact the the UCR variable sshd/config/ClientAliveInterval is set to 60 on the master in the customer environment.
OK