[Samba4] Duplicate ntSecurityDescriptor during provisioning

Crístian Viana cristiandeives at gmail.com
Wed Sep 23 07:59:21 MDT 2009 

hi Nadezhda,

I'm running "net vampire" from the latest git version and it fails with the
following message:

libnet_BecomeDC() failed - LDAP_CONSTRAINT_VIOLATION

I remember a few days ago it worked, but now it didn't.

is this problem related to this thread's?

On Sat, Sep 19, 2009 at 2:59 PM, Nadezhda Ivanova <
nadezhda.ivanova at postpath.com> wrote:

> Hi Matthieu,
> I am close to fixing it, just need to run a few tests.
>
>
> ----- Original Message -----
> > From: Matthieu Patou <mat+Informatique.Samba at matws.net<mat%2BInformatique.Samba at matws.net>
> >
> > To: Nadezhda Ivanova <nadezhda.ivanova at postpath.com>
> > Cc: mdw at samba.org <mdw at samba.org>, dpal at redhat.com <dpal at redhat.com>,
> samba-technical at lists.samba.org <samba-technical at lists.samba.org>,
> abartlet at samba.org <abartlet at samba.org>
> > Sent: Saturday, September 19, 2009 3:29:34 AM GMT-0800
> America;Los_Angeles
> > Subject: Re: [Samba4] Duplicate ntSecurityDescriptor during provisioning
>
> > > Hello Nadya,
> > I also have the same problem of duplicate descriptor on the default
> > domain policy even for a default provisionning with a ldb backend.
> >
> > Matthieu
> >
> > On 09/18/2009 10:23 AM, Nadezhda Ivanova wrote:
> > > Hi again,
> > > I am pretty sure the problem is that instead of replacing the
> > existing value, descriptor_do_add adds another one. I think I fixed
> > the problem by removing the old value first. Its very late here and I
> > cannot submit the patch tonight. If you cant wait, try removing the
> > attribute from the incoming message and adding an empty value instead,
> > like the objectclass module does with the objectClass. Sorry about
> > that, it did not show with the default backend.
> > >
> > > Regards,
> > > Nadya
> > > ----- Original Message -----
> > >> From:
> > samba-technical-bounces at lists.samba.org<samba-technical-bounces at lists.s
> > amba.org>
> > >> To: mdw at samba.org<mdw at samba.org>, Nadezhda
> > Ivanova<nadezhda.ivanova at postpath.com>
> > >> Cc: dpal at redhat.com<dpal at redhat.com>,
> > samba-technical at lists.samba.org<samba-technical at lists.samba.org>,
> > abartlet at samba.org<abartlet at samba.org>
> > >> Sent: Friday, September 18, 2009 8:47:19 AM GMT+0200 Europe;Athens
> > >> Subject: Re: [Samba4] Duplicate ntSecurityDescriptor during
> > provisioning
> > >
> > >>> Hi all,
> > >> I think I know the cause of it, and it will be fixed in my next
> > commit
> > >> tomorrow.
> > >>
> > >> Regards,
> > >> Nadya
> > >> ----- Original Message -----
> > >>> From: Matthias Dieter Wallnöfer<mdw at samba.org>
> > >>> To: Nadezhda Ivanova<nadezhda.ivanova at postpath.com>
> > >>> Cc: abartlet at samba.org<abartlet at samba.org>, edewata at redhat.com
> > >> <edewata at redhat.com>, dpal at redhat.com<dpal at redhat.com>,
> > >> samba-technical at lists.samba.org<samba-technical at lists.samba.org>
> > >>> Sent: Friday, September 18, 2009 1:50:36 AM GMT+0200 Europe;Athens
> > >>> Subject: Re: [Samba4] Duplicate ntSecurityDescriptor during
> > >> provisioning
> > >>
> > >>>> Hi all together,
> > >>>
> > >>> yeah, this problem needs tracking. I also suffer from it (I think
> > >> you
> > >>> all too): consider the group policy objects under
> > >>> "CN=Policies,CN=System,<domain-DN>". One is the security
> > descriptor
> > >>> added by the "provision_group_policy.ldif" file, therefore this
> > >> should
> > >>>
> > >>> be the right one, and the other seems to be added (I don't exactly
> > >>> know
> > >>> - but I imagine) by the new module.
> > >>>
> > >>> Matthias
> > >>>
> > >>> Nadezhda Ivanova schrieb:
> > >>>> Hi,
> > >>>> Are you using alpha8 or the current master? It could be related
> > to
> > >> a
> > >>> patch regarding security descriptors that we pushed Monday
> > evening.
> > >>>>
> > >>>> Regards,
> > >>>> Nadya
> > >>>> ----- Original Message -----
> > >>>>
> > >>>>> From: samba-technical-bounces at lists.samba.org
> > >>> <samba-technical-bounces at lists.samba.org>
> > >>>>> To: Andrew Bartlett<abartlet at samba.org>, Endi Sukma Dewata
> > >>> <edewata at redhat.com>
> > >>>>> Cc: Dmitri Pal<dpal at redhat.com>, samba-technical at lists.samba.org
> > >>
> > >>> <samba-technical at lists.samba.org>
> > >>>>> Sent: Wednesday, September 16, 2009 3:38:59 PM GMT-0800
> > >>> America;Los_Angeles
> > >>>>> Subject: [Samba4] Duplicate ntSecurityDescriptor during
> > >>> provisioning
> > >>>>>
> > >>>>
> > >>>>
> > >>>>>> Andrew,
> > >>>>>>
> > >>>>> I'm trying to run the test against OpenLDAP to verify my
> > >>> environment
> > >>>>> before testing FDS again. I found that the provisioning script
> > >>> failed
> > >>>>> to load the first entry in provision_group_policy.ldif. Here is
> > >> the
> > >>>
> > >>>>> error message:
> > >>>>>
> > >>>>> _ldb.LdbError: (19, 'LDAP error 19 LDAP_CONSTRAINT_VIOLATION -
> > >>>>> <nTSecurityDescriptor: multiple values provided>  <>')
> > >>>>>
> > >>>>> In the LDIF file the entry only has 1 nTSecurityDescriptor value,
> >
> > >>
> > >>> but
> > >>>>> when I check the attribute in ildap_add() it actually has 2
> > >> values.
> > >>>>>
> > >>>>> Do you have any idea? Thanks.
> > >>>>>
> > >>>>> --
> > >>>>> Endi S. Dewata
> > >>>>>
> > >>>>
> > >>>>
>



-- 
Crístian Deives dos Santos Viana [aka CD1]
Sent from Campinas, SP, Brazil

More information about the samba-technical mailing list