Corrupted GPO
Matthieu Patou
mat at samba.org
Tue Jun 29 15:11:25 MDT 2010
On 29/06/2010 23:47, George Lazar wrote:
>
>
> Matthieu Patou-7 wrote:
>> On 29/06/2010 19:09, George Lazar wrote:
>>>
>>> Matthieu Patou-7 wrote:
>>>> On 29/06/2010 18:39, George Lazar wrote:
>>>>> Matthieu Patou-7 wrote:
>>>>>> Hi Georges,
>>>>>>
>>>>>>>>> Regarding the output, the GPO I was creating when I started to
>>>>>>>>> receive
>>>>>>>>> "there is not enough space" is record no. 13... (Themes Enabled
>>>>>>>>> GPO)
>>>>>>>>>
>>>>>>>>> The content of /usr/local/samba/var/locks/.. doesn't seems not
>>>>>>>>> unusual.
>>>>>>>>> I
>>>>>>>>> have there all the policies owned by 3000008 as before.
>>>>>>>> Yes but I need it to see if all the policy object declared in the
>>>>>>>> Policies container are also here on the filesystem.
>>>>>>>>
>>>>>>>> See attached policies.png
>>>>>>>>
>>>>>>>> More specifically can you show the content of
>>>>>>>> {391F2562-1AB9-4CA5-BC87-4BD72929CC5E} folder ?
>>>>>>>> Can you access
>>>>>>>> \\domain.eu\SysVol\domain.eu\Policies\{391F2562-1AB9-4CA5-BC87-4BD72929CC5E}
>>>>>>>> ?
>>>>>>>> Do you see a file called gpt.ini and two folders MACHINE and USER ?
>>>>>>>> If no can create the folder and the file with the following content:
>>>>>>>> [General]
>>>>>>>> Version=65543
>>>>>>>>
>>>>>>>> See attached policy.png http://old.nabble.com/file/p29022853/GPO.JPG
>>>>>>>> GPO.JPG http://old.nabble.com/file/p29022853/polcies.PNG
>>>>>>>> polcies.PNG
>>>>>>>> http://old.nabble.com/file/p29022853/policy.PNG policy.PNG
>>>>>> It's the fist time I see such things but I'm not the most experienced
>>>>>> with gpo.
>>>>>>
>>>>>> Ok let's try to nuke the GPO:
>>>>>> do a tdbbackup on all the ldb files in /usr/local/samba/private then
>>>>>>
>>>>>> Done.
>>>>>>
>>>>>> ldbedit -H ldap:/localhost -b
>>>>>> CN={391F2562-1AB9-4CA5-BC87-4BD72929CC5E},CN=Policies,CN=System,DC=domain,DC=eu
>>>>>>
>>>>>> You should have three objects, remove them.
>>>>>>
>>>>>> It doesn't let me delete them, I got:
>>>>>> failed to delete
>>>>>> CN={391F2562-1AB9-4CA5-BC87-4BD72929CC5E},CN=Policies,CN=System,DC=domain,DC=eu
>>>>>> - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS -<00002098:
>>>>>> insufficient
>>>>>> access rights> <>
>>>>>>
>>>>>> I'm doing this as root but should I stop samba first?
>>>>>>
>>>> no You have to get authenticated: ldbedit -H .... -U DOMAIN\\User
>>>>
>>>> with authentication I got another error:
>>>> LDAP error 66 LDAP_NOT_ALLOWED_ON_NON_LEAF -<00002015: Not allowed on
>> Hum ok let's try to do it on the ldb files directly:
>>
>> ldbedit -H /usr/local/samba/private/sam.ldb -b
>> CN={391F2562-1AB9-4CA5-BC87-4BD72929CC5E},CN=Policies,CN=System,DC=domain,DC=eu
>>
>> another error:
>> failed to delete
>> CN={391F2562-1AB9-4CA5-BC87-4BD72929CC5E},CN=Policies,CN=System,DC=domain,DC=eu
>> - Cannot delete
>> CN={391F2562-1AB9-4CA5-BC87-4BD72929CC5E},CN=Policies,CN=System,DC=domain,DC=eu,
>> not a leaf node (has 2 children)
>>
>> :(
>>
Ah yes, you have to remove the CN=Machine, ... and CN=User, quit and
reedit to remove the CN={....}, ....
--
Matthieu Patou
Samba Team http://samba.org
More information about the samba-technical
mailing list