samba-tool 4.0.24 badly formatted sddl sid code

Mark Walker mark.walker at mobilefun.co.uk
Mon Feb 9 11:19:52 MST 2015 

Just tried with 4.1.16-9 (sernet samba) and the error is still present.

Interesting.



On 9 February 2015 at 18:11, Mark Walker <mark.walker at mobilefun.co.uk>
wrote:

> Hey guys,
>
> Seem to be having some problems cleaning up my servers ACLs with
> samba-tool on my Ubuntu x64 machine running Sernet Samba 4.0.24.
>
> Running the usual db check and fix seems to work just fine but adding in
> the reset known acls line seems to cause problems for samba tool after
> fixing a couple of ACLs it throws an exception.
>
> This is the command I am running:
> samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix
>
> The result:
> Checking 4947 objects
> Unknown sddl sid code 'Dn'
> Badly formatted SDDL
> 'AI(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCRCCDCLCRCWOWDSDDTSW;;;DnsAdmins)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPWPCRCCDCLCRCWOWDSDDTSW;;;ED)'
> ERROR(<type 'exceptions.TypeError'>): uncaught exception - Unable to parse
> SDDL
>   File "/usr/lib/python2.6/dist-packages/samba/netcmd/__init__.py", line
> 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.6/dist-packages/samba/netcmd/dbcheck.py", line
> 136, in run
>     controls=controls, attrs=attrs)
>   File "/usr/lib/python2.6/dist-packages/samba/dbchecker.py", line 109, in
> check_database
>     error_count += self.check_object(object.dn, attrs=attrs)
>   File "/usr/lib/python2.6/dist-packages/samba/dbchecker.py", line 922, in
> check_object
>     well_known_sd = self.get_wellknown_sd(dn)
>   File "/usr/lib/python2.6/dist-packages/samba/dbchecker.py", line 857, in
> get_wellknown_sd
>     name_map=self.name_map))
>   File "/usr/lib/python2.6/dist-packages/samba/descriptor.py", line 362,
> in get_dns_domain_microsoft_dns_descriptor
>     return sddl2binary(sddl, domain_sid, name_map)
>   File "/usr/lib/python2.6/dist-packages/samba/descriptor.py", line 43, in
> sddl2binary
>     sec = security.descriptor.from_sddl(sddl, domain_sid)
>
> There didnt seem to be any major issues when testing samba without this
> command but I would like to start my long awaited upgrade from a good point.
>
> I will backup the samba data dirs and try again with 4.1 to see if this is
> a regression within the maintenance branch.
>
> Thanks again and great work guys and gals!
> Mark
>
>


-- 
Regards,
Mark Walker
Systems Manager
Mobile Fun Limited

Mobile Fun is a private limited company registered in England & Wales under
registration number 03914470. The company’s registered office is at Unit
16, Network Park, Duddeston Mill Road, Birmingham, West Midlands, B8 1AU,
UK.

More information about the samba-technical mailing list