Samba-4.0-rc2 samba-tool ntacl sysvolreset

Gémes Géza geza at kzsdabas.hu
Sun Oct 7 23:04:09 MDT 2012 

2012-10-08 03:09 keltezéssel, Andrew Bartlett írta:
> On Sun, 2012-10-07 at 17:17 +0200, Gémes Géza wrote:
>> 2012-10-07 06:57 keltezéssel, Andrew Bartlett írta:
>>> On Sun, 2012-10-07 at 06:40 +0200, Gémes Géza wrote:
>>>> 2012-10-07 02:12 keltezéssel, Andrew Bartlett írta:
>>>>> On Sat, 2012-10-06 at 17:51 +0200, Gémes Géza wrote:
>>>>>> Hi,
>>>>>>
>>>>>> My saga with RC2 continues :-)
>>>>>>
>>>>>> I have successfully joined a new RC2 install to my old beta6-GIT-4631723
>>>>>> domain (from classicupgrade)
>>>>>> The rc2 works fine this time. Except one minor (or not so) problem:
>>>>>> I've copied (the tar-ed version) of the sysvol folder from the old
>>>>>> install (deliberately chose to drop acls at the origin)
>>>>>> then I ran samba-tool ntacl sysvolreset on the RC2 install, which gave:
>>>>>>
>>>>>> set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER.
>>>>>> ERROR(runtime): uncaught exception - (-1073741734,
>>>>>> 'NT_STATUS_INVALID_OWNER')
>>>>> Can you please try this patch?
>>>>>
>>>>> This is my current proposal to work around this situation - we just
>>>>> don't change the posix owner of the file in this case.
>>>>>
>>>>> (I might evolve this patch to have it manually chown the files to root,
>>>>> but it won't go via this failing codepath)
>>>>>
>>>>> Andrew Bartlett
>>>>>
>>>> Hi,
>>>>
>>>> Unfortunately the ntacl.py (from master, the patch doesn't apply to RC2)
>>>> with the patch applied fails on RC2 with:
>>>> samba-tool ntacl sysvolreset yields:
>>>> ERROR(<type 'exceptions.AttributeError'>): uncaught exception -
>>>> 'NoneType' object has no attribute 'sid_to_id'
>>>>      File
>>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
>>>> line 168, in _run
>>>>        return self.run(*args, **kwargs)
>>>>      File
>>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py",
>>>> line 214, in run
>>>>        lp, use_ntvfs=use_ntvfs)
>>>>      File
>>>> "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
>>>> line 1450, in setsysvolacl
>>>>        setntacl(lp,sysvol, SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs)
>>>>      File "/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py",
>>>> line 90, in setntacl
>>>>        (owner_id, owner_type) = passdb.sid_to_id(sd.owner_sid)
>>> As far as I can tell, you don't have my patch correctly applied, as
>>> those line numbers don't line up with current master+my patch.
>>>
>>> Andrew Bartlett
>> Hi,
>>
>> With your patch applied to master I was able to successfully reset the
>> sysvol acls (I've backed up (with samba_backup) the RC2 production
>> server and copied the resulting archives to a recently (today) built
>> testdomain).
> A modified version of that patch is in autobuild.  It seems the smallest
> change that will allow us to get past this issue for now.
>
> Can you confirm that GPOs behave as expected with this change, including
> editing etc?
>
> Thanks,
>
> Andrew Bartlett
>
Later today I'm going to ad some (virtual) test Windows installs to the 
domain to check.

Cheers

Geza Gemes

More information about the samba-technical mailing list