How to synchronise your Zentyal Backup Domain Controllers
A known limitation of Zentyal is that policies are not synchronised. To overcome this issue you can do the following:
On your Domain Controller
Install the Rsync application
apt install rsync
apt install xinetd
Make sure that RSYNC_ENABLE is set to inetd (RSYNC_ENABLE=inetd) in /etc/default/rsync
If you start your rsync-server through xinetd, you can use the following configuration file (/etc/xinetd.d/rsync):
service rsync
{
    disable         = no
    # Restrict to your DC address(es) or ranges, to prevent other hosts retrieving the content, too.
    only_from       = 10.99.0.0/28
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/bin/rsync
    server_args     = --daemon
    log_on_failure  += USERID
}
Create the file /etc/rsyncd.conf (adapt the path variable to your PDC Emulator's SysVol path):
[SysVol]
    path = /var/lib/samba/sysvol/
    comment = Samba Sysvol Share
    uid = root
    gid = root
    read only = yes
    auth users = sysvol-replication
    secrets file = /root/.rsyncd.secret
Create a file /root/.rsyncd.secret (permissions must not be world-readable!) with the following content (adapt the password!):
sysvol-replication:pa$$w0rd
Restart xinetd.
service xinetd restart
Now set this up on your backup domain controllers:
Make sure that you have identical IDs of built-in groups on all DCs.
Install rsync by using your package manager or compile it from source. Make sure that you use a version that supports extended ACLs!
Create a password file /root/.rsync-sysvol.secret and fill it with the password you set on the PDC Emulator for the sysvol-replication rsync account (permissions of that file must not be world-readable!):
pa$$w0rd
Set the file's permissions with chmod 700 so that only its owner can read it!
For replicating the SysVol folder, run the following command (--dry-run means that no modifications are actually made; the module name in the URL is the [SysVol] section name from /etc/rsyncd.conf):
rsync --dry-run -XAavz --delete-after --password-file=/root/.rsync-sysvol.secret rsync://sysvol-replication@$yourdomaincontrollerip$/SysVol/ /var/lib/samba/sysvol/
If everything goes well you can schedule a cron job on your BDC:
crontab -e
and add the following line to the file:
*/5 * * * * rsync -XAavz --delete-after --password-file=/root/.rsync-sysvol.secret rsync://sysvol-replication@$yourdomaincontrollerip$/SysVol/ /var/lib/samba/sysvol/
Repeat these steps on every BDC (except your PDC Emulator!).
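A pre-flight check for the BDC steps above, as an added example that is not part of the original article: it verifies that the password file is not accessible by other users and that the installed rsync lists ACL and xattr support (needed by -A and -X). The function names and the --check argument are hypothetical; the file path is the one used above.

```shell
#!/bin/sh
# Pre-flight checks for a BDC before scheduling the SysVol rsync job.
# Added example: the function names are hypothetical; the path is the
# one used in the steps above.

# Succeed only if $1 is a regular file with no permission bits for "other".
# rsync rejects a --password-file that other users can access.
secret_file_ok() {
    [ -f "$1" ] || return 1
    other=$(ls -ld -- "$1" | cut -c8-10)   # "-rw-------" -> "---"
    [ "$other" = "---" ]
}

# Succeed if the `rsync --version` text in $1 lists capability $2
# (a build without it prints "no ACLs" / "no xattrs" instead).
has_capability() {
    if printf '%s\n' "$1" | grep -q "no $2"; then
        return 1
    fi
    printf '%s\n' "$1" | grep -q "$2"
}

# Run all checks against the local system; prints one line per problem
# and returns the number of problems found.
preflight() {
    problems=0
    if ! secret_file_ok /root/.rsync-sysvol.secret; then
        echo "secret file missing or accessible by other users"
        problems=$((problems + 1))
    fi
    version=$(rsync --version 2>/dev/null) || version=""
    for cap in ACLs xattrs; do
        if ! has_capability "$version" "$cap"; then
            echo "rsync lacks $cap support (needed for -A / -X)"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Only act when called as: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    preflight && echo "ok: safe to run the replication command"
fi
```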
That's all.
Your ArtIT Team