[Samba] Samba4 ADC cannot edit GPO with W2K3
Luis Martinez
luimarma at mconesa.com
Fri Sep 28 10:52:53 MDT 2012
I have made more tests with the information given.
Coming from a fresh provisioning after install I get already an error
while runing the check:
[root at tesauro ~]# /usr/local/samba/bin/samba-tool ntacl sysvolcheck
ERROR(<type 'exceptions.TypeError'>): uncaught exception - (61, 'No data
available')
File
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
line 168, in _run
return self.run(*args, **kwargs)
File
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/ntacl.py",
line 247, in run
lp)
File
"/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py",
line 1562, in checksysvolacl
fsacl = getntacl(lp, dir_path, direct_db_access=direct_db_access)
File
"/usr/local/samba/lib64/python2.7/site-packages/samba/ntacls.py", line
73, in getntacl
xattr.XATTR_NTACL_NAME)
After sysvolreset then the error disappears.
Just after creating the GPO then again sysvolcheck raises an error
although the GPO is created without reporting an error to win2k3.
[root at tesauro ~]# /usr/local/samba/bin/samba-tool ntacl sysvolcheck
ERROR(<type 'exceptions.TypeError'>): uncaught exception - (61, 'No data
available')
File
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
line 168, in _run
return self.run(*args, **kwargs)
File
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/ntacl.py",
line 247, in run
lp)
File
"/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py",
line 1570, in checksysvolacl
check_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp,
direct_db_access)
File
"/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py",
line 1523, in check_gpos_acl
domainsid, direct_db_access)
File
"/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py",
line 1471, in check_dir_acl
fsacl = getntacl(lp, path, direct_db_access=direct_db_access)
File
"/usr/local/samba/lib64/python2.7/site-packages/samba/ntacls.py", line
73, in getntacl
xattr.XATTR_NTACL_NAME)
Any ideas?
Luis
El 28/09/12 18:47, sandy.napoles at eccmg.cupet.cu escribió:
> I have the same error, but I can create perfectly the GPO and it are
> aplicate in my client perfect......then why I have it?
>
> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception -
> ProvisioningError: DB ACL on sysvol directory
> /usr/local/samba/var/locks/sysvol/eccmg.cupet.cu
> O:S-1-5-21-1892862124-1292540316-1938423036-500G:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)
> does not match expected value
> O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)
> from provision
> File
> "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py",
> line 170, in _run
> return self.run(*args, **kwargs)
> File
> "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/ntacl.py",
> line 247, in run
> lp)
> File
> "/usr/local/samba/lib/python2.6/site-packages/samba/provision/__init__.py",
> line 1574, in checksysvolacl
> raise ProvisioningError('%s ACL on sysvol directory %s %s does not
> match expected value %s from provision' % (acl_type(direct_db_access),
> dir_path, fsacl_sddl, SYSVOL_ACL))
>
>
>
>> On 28/09/12 13:27, felix at epepm.cupet.cu wrote:
>>
>>> Try:
>>> /usr/local/samba/bin/samba-tool ntacl sysvolcheck
>>>
>>> and if it yields some error then:
>>> /usr/local/samba/bin/samba-tool ntacl sysvolreset
>>>
>>>
>>> It worked for me.
>>>
>> Hi
>> Exactly the same GPO creation error here.
>>
>> Here are the outputs from the samba4 git build today:
>>
>> samba-tool ntacl sysvolcheck
>> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception -
>> ProvisioningError: DB ACL on GPO directory
>> /usr/local/samba/var/locks/sysvol/hh3.site/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
>> O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)
>> does not match expected value
>> O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
>> from GPO object
>> File
>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
>> line 170, in _run
>> return self.run(*args, **kwargs)
>> File
>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py",
>> line 245, in run
>> lp)
>> File
>> "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
>> line 1578, in checksysvolacl
>> direct_db_access)
>> File
>> "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
>> line 1530, in check_gpos_acl
>> domainsid, direct_db_access)
>> File
>> "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
>> line 1480, in check_dir_acl
>> raise ProvisioningError('%s ACL on GPO directory %s %s does not
>> match expected value %s from GPO object' % (acl_type(direct_db_access),
>> path, fsacl_sddl, acl))
>>
>>
>> and:
>> samba-tool ntacl sysvolreset
>> set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER.
>> ERROR(runtime): uncaught exception - (-1073741734,
>> 'NT_STATUS_INVALID_OWNER')
>> File
>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
>> line 170, in _run
>> return self.run(*args, **kwargs)
>> File
>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py",
>> line 214, in run
>> lp, use_ntvfs=use_ntvfs)
>> File
>> "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
>> line 1468, in setsysvolacl
>> set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp,
>> use_ntvfs)
>> File
>> "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
>> line 1405, in set_gpos_acl
>> str(domainsid), use_ntvfs)
>> File
>> "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
>> line 1369, in set_dir_acl
>> setntacl(lp, path, acl, domsid, use_ntvfs=use_ntvfs)
>> File "/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py",
>> line 108, in setntacl
>> smbd.set_nt_acl(file, security.SECINFO_OWNER |
>> security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL,
>> sd)
>>
>> Do we have to reprovision in this case?
>> Cheers,
>> Steve
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the samba
mailing list