[Samba] Upgrade to 4.20: Not resetting nTSecurityDescriptor

Daniel Müller mueller at tropenklinik.de
Mon Apr 15 07:44:11 UTC 2024 

root at dom2:~# samba-tool dbcheck --fix --yes
Checking 705 objects
Checked 705 objects (0 errors)
root at dom2:~# samba-tool dbcheck --cross-ncs
Checking 4506 objects
Not resetting nTSecurityDescriptor on CN=Deleted Objects,CN=Configuration,DC=tlk,DC=loc

Not resetting nTSecurityDescriptor on CN=Deleted Objects,DC=DomainDnsZones,DC=tlk,DC=loc

Not resetting nTSecurityDescriptor on CN=Deleted Objects,DC=ForestDnsZones,DC=tlk,DC=loc

Checked 4506 objects (3 errors)
Please use 'samba-tool dbcheck --fix' to fix 3 errors

-----Ursprüngliche Nachricht-----
Von: Rowland Penny via samba [mailto:samba at lists.samba.org] 
Gesendet: Montag, 15. April 2024 09:28
An: samba at lists.samba.org
Cc: Rowland Penny <rpenny at samba.org>
Betreff: Re: [Samba] Upgrade to 4.20: Not resetting nTSecurityDescriptor

On Mon, 15 Apr 2024 07:53:16 +0200
Daniel Müller via samba <samba at lists.samba.org> wrote:

> I did it:
> root at dom2:~# samba-tool dbcheck --fix
> Checking 705 objects
> Reset nTSecurityDescriptor on CN=Deleted Objects,DC=tlk,DC=loc back
> to provision                                   default? Owner
> mismatch: SY (in ref) DA(in current) Group mismatch: SY (in ref) DA(in 
> current) Part dacl is different between reference and current here is 
> the detail: (A;;LCRPLORC;;;AU) ACE is not present in the reference 
> (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA) ACE is not present in
> the r                                  eference
> (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) ACE is not present in the r
>                             eference (A;;CCDCLCSWRPWPSDRCWDWO;;;SY) 
> ACE is not present in the current (A;;LCRP;;;BA) ACE is not present in 
> the current [y/N/all/none] y Fixed attribute 'nTSecurityDescriptor' of 
> 'CN=Deleted Objects,DC=tlk,DC=loc'
> 
> Checked 705 objects (1 errors)
> 
> 
> 
> root at dom2:~# samba-tool dbcheck --cross-ncs Checking 4506 objects Not 
> resetting nTSecurityDescriptor on CN=Deleted 
> Objects,CN=Configuration,DC=tlk,DC=loc
> 
> Not resetting nTSecurityDescriptor on CN=Deleted 
> Objects,DC=DomainDnsZones,DC=tlk,DC=loc
> 
> Not resetting nTSecurityDescriptor on CN=Deleted 
> Objects,DC=ForestDnsZones,DC=tlk,DC=loc
> 
> Checked 4506 objects (3 errors)
> Please use 'samba-tool dbcheck --fix' to fix 3 errors root at dom2:~# 
> samba-tool dbcheck --fix Checking 705 objects Checked 705 objects (0 
> errors)
> 
> But the next "samba-tool dbcheck --cross-ncs" shows the same three 
> errors again!?
> 

Try it like this:

samba-tool dbcheck --fix --yes

Rowland



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list