Samba-4.0-rc2 samba-tool ntacl sysvolreset

Andrew Bartlett abartlet at samba.org
Sun Oct 7 19:09:56 MDT 2012 

On Sun, 2012-10-07 at 17:17 +0200, Gémes Géza wrote:
> 2012-10-07 06:57 keltezéssel, Andrew Bartlett írta:
> > On Sun, 2012-10-07 at 06:40 +0200, Gémes Géza wrote:
> >> 2012-10-07 02:12 keltezéssel, Andrew Bartlett írta:
> >>> On Sat, 2012-10-06 at 17:51 +0200, Gémes Géza wrote:
> >>>> Hi,
> >>>>
> >>>> My saga with RC2 continues :-)
> >>>>
> >>>> I have successfully joined a new RC2 install to my old beta6-GIT-4631723
> >>>> domain (from classicupgrade)
> >>>> The rc2 works fine this time. Except one minor (or not so) problem:
> >>>> I've copied (the tar-ed version) of the sysvol folder from the old
> >>>> install (deliberately chose to drop acls at the origin)
> >>>> then I ran samba-tool ntacl sysvolreset on the RC2 install, which gave:
> >>>>
> >>>> set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER.
> >>>> ERROR(runtime): uncaught exception - (-1073741734,
> >>>> 'NT_STATUS_INVALID_OWNER')
> >>> Can you please try this patch?
> >>>
> >>> This is my current proposal to work around this situation - we just
> >>> don't change the posix owner of the file in this case.
> >>>
> >>> (I might evolve this patch to have it manually chown the files to root,
> >>> but it won't go via this failing codepath)
> >>>
> >>> Andrew Bartlett
> >>>
> >> Hi,
> >>
> >> Unfortunately the ntacl.py (from master, the patch doesn't apply to RC2)
> >> with the patch applied fails on RC2 with:
> >> samba-tool ntacl sysvolreset yields:
> >> ERROR(<type 'exceptions.AttributeError'>): uncaught exception -
> >> 'NoneType' object has no attribute 'sid_to_id'
> >>     File
> >> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> >> line 168, in _run
> >>       return self.run(*args, **kwargs)
> >>     File
> >> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py",
> >> line 214, in run
> >>       lp, use_ntvfs=use_ntvfs)
> >>     File
> >> "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
> >> line 1450, in setsysvolacl
> >>       setntacl(lp,sysvol, SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs)
> >>     File "/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py",
> >> line 90, in setntacl
> >>       (owner_id, owner_type) = passdb.sid_to_id(sd.owner_sid)
> > As far as I can tell, you don't have my patch correctly applied, as
> > those line numbers don't line up with current master+my patch.
> >
> > Andrew Bartlett
> Hi,
> 
> With your patch applied to master I was able to successfully reset the 
> sysvol acls (I've backed up (with samba_backup) the RC2 production 
> server and copied the resulting archives to a recently (today) built 
> testdomain).

A modified version of that patch is in autobuild.  It seems the smallest
change that will allow us to get past this issue for now.  

Can you confirm that GPOs behave as expected with this change, including
editing etc?

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list