GPO created via samba-tool don't Copy or Backup
Klaas TJEBBES
klaas.tjebbes at ac-dijon.fr
Thu May 20 11:33:32 UTC 2021
Hello.
As you told me I've posted my question on the "samba" list.
But I posted it here because it looked to me like a samba bug.
I use the "samba-tool gpo backup/restore" and RSAT only and within a few
steps I have a bug. I've tested this on a dozen of different Samba
servers, all have the same problem. Playing with DOSATTR (getfattr
-dR/setfattr --restore) seems to solve the problem.
I read Python but not C (not that much) and I ended up with this file
(from gpo.py line 47) :
/usr/lib/python3/dist-packages/samba/samba3/libsmb_samba_internal.cpython-38-x86_64-linux-gnu.so
It only takes a couple of minutes to reproduce. All the informations :
versions, OS, commands, etc. are in my previous emails.
* In RSAT create a GPO named "test" AND make a few modifications in it
(I did : Computer Configuration -> Administrative Templates -> System ->
Logon “Always Wait for the Network at Computer Startup and Logon” to
“Enabled”).
On the samba server :
* 'samba-tool gpo listall' => get the GPO ID of "test"
* 'samba-tool gpo backup GPO_ID_OF_TEST' => remember the /tmp/...
directory the GPO is backuped in
* 'samba-tool gpo restore newtest /tmp/BACKUP_GPO_TEST_DIR" -U Administrator
Back in the RSAT :
* "newttest" GPO is empty, the option “Always Wait for the Network at
Computer Startup and Logon” is NOT set
* "newttest" GPO can NOT be Copied or Backuped. The error is "invalid
directory".
** What I found :
On the samba server :
* cd /home/sysvol/domseth.ac-test.fr/Policies/{ID_TEST_GPO}
* getfattr -d -n user.DOSATTRIB -R . > ../test.attrs'
* cd /home/sysvol/domseth.ac-test.fr/Policies/{ID_NEWTEST_GPO}
* setfattr --restore=../test.attrs '
Thank you, regards,
Klaas
Le 13/05/2021 à 01:07, Douglas Bagnall a écrit :
> On 13/05/21 2:19 am, Klaas TJEBBES via samba-technical wrote:
>> Hi,
>>
>> It looks like I don't get very popular with my question here. But
>> could at least someone test this to tell me if one can reproduce ?
>
> You are using the wrong mailing list. This one is for people who develop
> Samba, not those who administer it, and there is not as much overlap
> between those two groups as you might imagine.
>
> Try asking on the Samba list at
>
> https://lists.samba.org/mailman/listinfo/samba
>
> They love answering questions like this.
>
> Douglas
>
>> * In RSAT create a new GPO and make a modification in it (I did :
>> Computer Configuration -> Administrative Templates -> System -> Logon
>> “Always Wait for the Network at Computer Startup and Logon” to “Enabled”)
>> * Close RSAT
>> * Backup GPO via samba-tool (in /tmp/...)
>> * Restore GPO via samba-tool (from /tmp/...) with another name
>> * In RSAT try to Copy this new GPO (right clic "Copy", right clic on
>> "Group Policy Objects" and Paste)
>>
>> I get "Invalid directory". Even doing it via powershell and debug and
>> traces, hundreds of log lines, I couldn't figure out why it won't copy...
>>
>>
>> Regards,
>> Klaas
>>
--
~~~~~~~~~~~~~~~~~~~~~~~
- Klaas TJEBBES
- Equipe EOLE
- DSI
- Dijon
~~~~~~~~~~~~~~~~~~~~~~~
More information about the samba-technical
mailing list