Samba-4.0-rc2 samba-tool ntacl sysvolreset

Gémes Géza geza at kzsdabas.hu
Sat Oct 6 22:53:21 MDT 2012


2012-10-07 06:40 keltezéssel, Gémes Géza írta:
> 2012-10-07 02:12 keltezéssel, Andrew Bartlett írta:
>> On Sat, 2012-10-06 at 17:51 +0200, Gémes Géza wrote:
>>> Hi,
>>>
>>> My saga with RC2 continues :-)
>>>
>>> I have successfully joined a new RC2 install to my old 
>>> beta6-GIT-4631723
>>> domain (from classicupgrade)
>>> The rc2 works fine this time. Except one minor (or not so) problem:
>>> I've copied (the tar-ed version) of the sysvol folder from the old
>>> install (deliberately chose to drop acls at the origin)
>>> then I ran samba-tool ntacl sysvolreset on the RC2 install, which gave:
>>>
>>> set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER.
>>> ERROR(runtime): uncaught exception - (-1073741734,
>>> 'NT_STATUS_INVALID_OWNER')
>> Can you please try this patch?
>>
>> This is my current proposal to work around this situation - we just
>> don't change the posix owner of the file in this case.
>>
>> (I might evolve this patch to have it manually chown the files to root,
>> but it won't go via this failing codepath)
>>
>> Andrew Bartlett
>>
> Hi,
>
> Unfortunately the ntacl.py (from master, the patch doesn't apply to 
> RC2) with the patch applied fails on RC2 with:
> samba-tool ntacl sysvolreset yields:
> ERROR(<type 'exceptions.AttributeError'>): uncaught exception - 
> 'NoneType' object has no attribute 'sid_to_id'
>   File 
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", 
> line 168, in _run
>     return self.run(*args, **kwargs)
>   File 
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py", 
> line 214, in run
>     lp, use_ntvfs=use_ntvfs)
>   File 
> "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", 
> line 1450, in setsysvolacl
>     setntacl(lp,sysvol, SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs)
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py", 
> line 90, in setntacl
>     (owner_id, owner_type) = passdb.sid_to_id(sd.owner_sid)
>
> At the same time samba-tool ntacl sysvolcheck gives:
> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception 
> - ProvisioningError: DB ACL on GPO directory 
> /usr/local/samba/var/locks/sysvol/kzsdabas.hu/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9} 
> O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU) 
> does not match expected value 
> O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) 
> from GPO object
>   File 
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", 
> line 168, in _run
>     return self.run(*args, **kwargs)
>   File 
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py", 
> line 247, in run
>     lp)
>   File 
> "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", 
> line 1570, in checksysvolacl
>     check_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, 
> direct_db_access)
>   File 
> "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", 
> line 1523, in check_gpos_acl
>     domainsid, direct_db_access)
>   File 
> "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", 
> line 1474, in check_dir_acl
>     raise ProvisioningError('%s ACL on GPO directory %s %s does not 
> match expected value %s from GPO object' % 
> (acl_type(direct_db_access), path, fsacl_sddl, acl))
>
> Cheers
>
> Geza Gemes
>
Hi,

Please disregard the sysvolcheck error it is the same as with stock RC2. 
My fault for including it here.

Cheers

Geza Gemes


More information about the samba-technical mailing list