samba-tool ntacl sysvolreset --use-s3fs failure on samba4.0.0rc1

Daniele Dario d.dario76 at
Tue Oct 9 06:01:00 MDT 2012

Hi Andrew,

On Tue, 2012-10-09 at 22:35 +1100, Andrew Bartlett wrote:
> On Tue, 2012-10-09 at 09:50 +0200, Daniele Dario wrote:
> > Hi samba team,
> > yesterday I was trying to understand why my DC account created during
> > provisioning (for the primary DC) and during join (for secondary DC) do
> > not have any permission on the sysvol folder.
> > 
> > Did I break something "posixifying" the AD default groups?
> You did.  
> Like installations that are upgraded from Samba3 and have GID allocated
> for domain admins, there is the issue that because 'domain admins'
> actually owns files in the sysvol directory, it needs to also map as a
> UID.
> The IDMAP_BOTH tag in idmap.ldb indicates this.
> However, there is not (yet) a way to indicate this in the AD directory.
> My thoughts are to add an optional extra schema that can be imported,
> and that administrators wishing to set a SID -> UID and GID mapping can
> add:
> idmapUidAndGid: TRUE
> to the user and group objects, and have it regard a uidNumber as also
> being a gidNumber and vice versa.  
> This would allow a per-object selection that the administrator has
> confirmed that the uid and gid spaces do not conflict in this specific
> case. 
> The other approach is to try and ignore the problem, and this attached
> patch tries to simply avoid doing the chown, instead changing the file
> to be owned by either administrator or root, but then lying about the
> ownership later. 
> I need feedback to confirm that this all works properly for GPO
> manipulation, so if you can test that it would be most helpful. 
> Andrew Bartlett

I'm currently using samba4.0.0rc1 built from the released tarball and
patch -p1 < 000... failed with

[root at kdc01:~/samba4/samba-4.0.0rc1]# patch -p1 <
patching file source4/scripting/python/samba/
patching file source4/scripting/python/samba/provision/
Hunk #1 FAILED at 1365.
Hunk #2 FAILED at 1391.
Hunk #3 succeeded at 1398 with fuzz 1 (offset -4 lines).
Hunk #4 succeeded at 1415 with fuzz 1 (offset -4 lines).
Hunk #5 succeeded at 1449 (offset -6 lines).
2 out of 5 hunks FAILED -- saving rejects to file

Please find attached reject file.

May I use the patch to manually patch or can you create the
patch starting from the file released with the rc1?

Another way could be to download the latest git (master?) and build from
scratch than apply the patch you previously sent?

-------------- next part --------------
A non-text attachment was scrubbed...
Type: application/x-reject
Size: 1749 bytes
Desc: not available
URL: <>

More information about the samba-technical mailing list