[Samba4] Duplicate ntSecurityDescriptor during provisioning

Nadezhda Ivanova nadezhda.ivanova at postpath.com
Sat Sep 19 11:59:48 MDT 2009


Hi Matthieu,
I am close to fixing it, just need to run a few tests.


----- Original Message -----
> From: Matthieu Patou <mat+Informatique.Samba at matws.net>
> To: Nadezhda Ivanova <nadezhda.ivanova at postpath.com>
> Cc: mdw at samba.org <mdw at samba.org>, dpal at redhat.com <dpal at redhat.com>, samba-technical at lists.samba.org <samba-technical at lists.samba.org>, abartlet at samba.org <abartlet at samba.org>
> Sent: Saturday, September 19, 2009 3:29:34 AM GMT-0800 America;Los_Angeles
> Subject: Re: [Samba4] Duplicate ntSecurityDescriptor during provisioning

> Hello Nadya,
> I also have the same problem of duplicate descriptor on the default 
> domain policy even for a default provisioning with a ldb backend.
> 
> Matthieu
> 
> On 09/18/2009 10:23 AM, Nadezhda Ivanova wrote:
> > Hi again,
> > I am pretty sure the problem is that instead of replacing the 
> > existing value, descriptor_do_add adds another one. I think I fixed 
> > the problem by removing the old value first. It's very late here and I 
> > cannot submit the patch tonight. If you can't wait, try removing the 
> > attribute from the incoming message and adding an empty value instead, 
> > like the objectclass module does with the objectClass. Sorry about 
> > that, it did not show with the default backend.
> >
> > Regards,
> > Nadya
> > ----- Original Message -----
> >> From: samba-technical-bounces at lists.samba.org <samba-technical-bounces at lists.samba.org>
> >> To: mdw at samba.org <mdw at samba.org>, Nadezhda Ivanova <nadezhda.ivanova at postpath.com>
> >> Cc: dpal at redhat.com <dpal at redhat.com>, samba-technical at lists.samba.org <samba-technical at lists.samba.org>, abartlet at samba.org <abartlet at samba.org>
> >> Sent: Friday, September 18, 2009 8:47:19 AM GMT+0200 Europe;Athens
> >> Subject: Re: [Samba4] Duplicate ntSecurityDescriptor during provisioning
> >
> >> Hi all,
> >> I think I know the cause of it, and it will be fixed in my next commit
> >> tomorrow.
> >>
> >> Regards,
> >> Nadya
> >> ----- Original Message -----
> >>> From: Matthias Dieter Wallnöfer <mdw at samba.org>
> >>> To: Nadezhda Ivanova <nadezhda.ivanova at postpath.com>
> >>> Cc: abartlet at samba.org <abartlet at samba.org>, edewata at redhat.com <edewata at redhat.com>, dpal at redhat.com <dpal at redhat.com>, samba-technical at lists.samba.org <samba-technical at lists.samba.org>
> >>> Sent: Friday, September 18, 2009 1:50:36 AM GMT+0200 Europe;Athens
> >>> Subject: Re: [Samba4] Duplicate ntSecurityDescriptor during provisioning
> >>
> >>> Hi all together,
> >>>
> >>> yeah, this problem needs tracking. I also suffer from it (I think you
> >>> all too): consider the group policy objects under
> >>> "CN=Policies,CN=System,<domain-DN>". One is the security descriptor
> >>> added by the "provision_group_policy.ldif" file, therefore this should
> >>> be the right one, and the other seems to be added (I don't exactly know
> >>> - but I imagine) by the new module.
> >>>
> >>> Matthias
> >>>
> >>> Nadezhda Ivanova wrote:
> >>>> Hi,
> >>>> Are you using alpha8 or the current master? It could be related to a
> >>>> patch regarding security descriptors that we pushed Monday evening.
> >>>>
> >>>> Regards,
> >>>> Nadya
> >>>> ----- Original Message -----
> >>>>
> >>>>> From: samba-technical-bounces at lists.samba.org <samba-technical-bounces at lists.samba.org>
> >>>>> To: Andrew Bartlett <abartlet at samba.org>, Endi Sukma Dewata <edewata at redhat.com>
> >>>>> Cc: Dmitri Pal <dpal at redhat.com>, samba-technical at lists.samba.org <samba-technical at lists.samba.org>
> >>>>> Sent: Wednesday, September 16, 2009 3:38:59 PM GMT-0800 America;Los_Angeles
> >>>>> Subject: [Samba4] Duplicate ntSecurityDescriptor during provisioning
> >>>>>
> >>>>
> >>>>
> >>>>> Andrew,
> >>>>>
> >>>>> I'm trying to run the test against OpenLDAP to verify my environment
> >>>>> before testing FDS again. I found that the provisioning script failed
> >>>>> to load the first entry in provision_group_policy.ldif. Here is the
> >>>>> error message:
> >>>>>
> >>>>> _ldb.LdbError: (19, 'LDAP error 19 LDAP_CONSTRAINT_VIOLATION -
> >>>>> <nTSecurityDescriptor: multiple values provided>  <>')
> >>>>>
> >>>>> In the LDIF file the entry only has 1 nTSecurityDescriptor value, but
> >>>>> when I check the attribute in ildap_add() it actually has 2 values.
> >>>>>
> >>>>> Do you have any idea? Thanks.
> >>>>>
> >>>>> --
> >>>>> Endi S. Dewata
> >>>>>
> >>>>
> >>>>
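
Added example (not from the thread and not Samba source): a self-contained C model of the behaviour discussed above, where a module appends a second nTSecurityDescriptor to a message that already carries one and the backend answers with constraint violation 19, shown next to the remove-then-add fix described in the thread. The toy_* types and functions, provision_entry and the sample values are hypothetical and do not use ldb's API.

```c
/* Added illustration, not Samba code: toy message, hypothetical names throughout. */
#include <ctype.h>
#include <stdio.h>
#define MAX_ELS 8
#define CONSTRAINT_VIOLATION 19 /* LDAP result code quoted in the thread */
#define SD_ATTR "nTSecurityDescriptor"
struct toy_el { const char *name, *value; };
struct toy_msg { struct toy_el els[MAX_ELS]; int n; };

/* LDAP attribute names compare case-insensitively. */
static int same_attr(const char *a, const char *b) {
    while (*a && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
    return *a == '\0' && *b == '\0';
}

/* Append without looking for an existing element of the same name. */
static void toy_add(struct toy_msg *m, const char *name, const char *value) {
    if (m->n < MAX_ELS) m->els[m->n++] = (struct toy_el){ name, value };
}

/* Remove every element called `name`, keeping the others in order. */
static void toy_remove(struct toy_msg *m, const char *name) {
    int i, kept = 0;
    for (i = 0; i < m->n; i++)
        if (!same_attr(m->els[i].name, name)) m->els[kept++] = m->els[i];
    m->n = kept;
}

/* Stand-in for the LDAP backend: a single-valued attribute may appear once. */
static int backend_add(const struct toy_msg *m) {
    int i, count = 0;
    for (i = 0; i < m->n; i++) count += same_attr(m->els[i].name, SD_ATTR);
    return count > 1 ? CONSTRAINT_VIOLATION : 0;
}

/* replace_first = 0 models the reported behaviour, 1 the remove-then-add fix. */
int provision_entry(const char *ldif_sd, const char *computed_sd, int replace_first) {
    struct toy_msg m = { .n = 0 };
    toy_add(&m, "cn", "constructed-policy");
    toy_add(&m, "ntSecurityDescriptor", ldif_sd); /* value carried by the LDIF */
    if (replace_first) toy_remove(&m, SD_ATTR);
    toy_add(&m, SD_ATTR, computed_sd);            /* value the module computes */
    return backend_add(&m);
}

int main(void) {
    printf("add only:        %d\n", provision_entry("sd-from-ldif", "sd-from-module", 0));
    printf("remove then add: %d\n", provision_entry("sd-from-ldif", "sd-from-module", 1));
    return 0;
}
```

The two attribute spellings differ in case on purpose: the removal has to match names the way the directory does, or the old value survives and the backend still sees two.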

