GPO created via samba-tool don't Copy or Backup

Klaas TJEBBES klaas.tjebbes at ac-dijon.fr
Thu May 20 13:31:24 UTC 2021 

To illustrate, two attached images showing "test" and "newtest" GPOs. 
"test" was made using RSAT. "newtest" was made as follow :

samba-tool gpo listall
samba-tool gpo backup {84F33464-3199-48FE-80E4-2473B0BF9F49} # ID of 
"test" GPO I got using "listall"
samba-tool gpo restore /tmp/tmprcu3tbja -U admin --password=a
samba-tool gpo restore newtest /tmp/tmprcu3tbja -U admin --password=a

As you can see on the images, "newtest" GPO has no parameters in it 
while "test" does.

What do you think ? Should I open a bug ?



Le 20/05/2021 à 13:33, Klaas TJEBBES via samba-technical a écrit :
> Hello.
> 
> As you told me I've posted my question on the "samba" list.
> 
> But I posted it here because it looked to me like a samba bug.
> 
> I use the "samba-tool gpo backup/restore" and RSAT only and within a few 
> steps I have a bug. I've tested this on a dozen of different Samba 
> servers, all have the same problem. Playing with DOSATTR (getfattr 
> -dR/setfattr --restore) seems to solve the problem.
> 
> I read Python but not C (not that much) and I ended up with this file 
> (from gpo.py line 47) :
> /usr/lib/python3/dist-packages/samba/samba3/libsmb_samba_internal.cpython-38-x86_64-linux-gnu.so 
> 
> 
> It only takes a couple of minutes to reproduce. All the informations : 
> versions, OS, commands, etc. are in my previous emails.
> 
> 
> 
> * In RSAT create a GPO named "test" AND make a few modifications in it 
> (I did : Computer Configuration -> Administrative Templates -> System -> 
> Logon “Always Wait for the Network at Computer Startup and Logon” to 
> “Enabled”).
> 
> On the samba server :
> * 'samba-tool gpo listall' => get the GPO ID of "test"
> * 'samba-tool gpo  backup GPO_ID_OF_TEST' => remember the /tmp/... 
> directory the GPO is backuped in
> * 'samba-tool gpo restore newtest /tmp/BACKUP_GPO_TEST_DIR" -U 
> Administrator
> 
> Back in the RSAT :
> * "newttest" GPO is empty, the option “Always Wait for the Network at 
> Computer Startup and Logon” is NOT set
> * "newttest" GPO can NOT be Copied or Backuped. The error is "invalid 
> directory".
> 
> 
> ** What I found :
> On the samba server :
> * cd /home/sysvol/domseth.ac-test.fr/Policies/{ID_TEST_GPO}
> * getfattr -d -n user.DOSATTRIB -R . > ../test.attrs'
> * cd /home/sysvol/domseth.ac-test.fr/Policies/{ID_NEWTEST_GPO}
> * setfattr --restore=../test.attrs '
> 
> 
> 
> 
> 
> Thank you, regards,
>   Klaas
> 
> 
> 
> Le 13/05/2021 à 01:07, Douglas Bagnall a écrit :
>> On 13/05/21 2:19 am, Klaas TJEBBES via samba-technical wrote:
>>> Hi,
>>>
>>> It looks like I don't get very popular with my question here. But 
>>> could at least someone test this to tell me if one can reproduce ?
>>
>> You are using the wrong mailing list. This one is for people who 
>> develop Samba, not those who administer it, and there is not as much 
>> overlap between those two groups as you might imagine.
>>
>> Try asking on the Samba list at
>>
>> https://lists.samba.org/mailman/listinfo/samba
>>
>> They love answering questions like this.
>>
>> Douglas
>>
>>> * In RSAT create a new GPO and make a modification in it (I did : 
>>> Computer Configuration -> Administrative Templates -> System -> Logon 
>>> “Always Wait for the Network at Computer Startup and Logon” to 
>>> “Enabled”)
>>> * Close RSAT
>>> * Backup GPO via samba-tool (in /tmp/...)
>>> * Restore GPO via samba-tool (from /tmp/...) with another name
>>> * In RSAT try to Copy this new GPO (right clic "Copy", right clic on 
>>> "Group Policy Objects" and Paste)
>>>
>>> I get "Invalid directory". Even doing it via powershell and debug and 
>>> traces, hundreds of log lines, I couldn't figure out why it won't 
>>> copy...
>>>
>>>
>>> Regards,
>>>   Klaas
>>>
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~

- Klaas TJEBBES
- Equipe EOLE
- DSI
- Dijon

~~~~~~~~~~~~~~~~~~~~~~~

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1.png
Type: image/png
Size: 51230 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20210520/57117449/1.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2.png
Type: image/png
Size: 51958 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20210520/57117449/2.png>

More information about the samba-technical mailing list