[Samba] samba-tool gpo aclcheck error

David Minard david at scem.uws.edu.au
Wed Dec 11 03:52:13 MST 2013


G'day Marc,

	Our GPOs work.  However we thought it strange that the command failed.

	We tried 4.1 in our test environment, and got RPC errors.  We went back to 4.0.10 as time to integrate Samba4 fully into our environment was too precious to work through the problem.  We might try again now that we're getting a handle on things.

Cheers,
On 11/12/2013, at 6:01 PM, Marc Muehlfeld wrote:

> Hello David,
> 
> Am 11.12.2013 02:15, schrieb David Minard:
>> samba-tool gpo aclcheck
>> 
>> ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element'
>>  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
>>    return self.run(*args, **kwargs)
>>  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/gpo.py", line 1150, in run
>>    ds_sd_ndr = m['nTSecurityDescriptor'][0]
> 
> https://bugzilla.samba.org/show_bug.cgi?id=9922
> 
> 
> Do your GPOs work correct and you simply want to check the ACLs? Or are there any problems?
> 
> 
> I tried the command in my 4.1.0 test environment and 4.1.2 production. There the command works (at least I don't get this error, but see an invalid ACL, but it is the same on production and test environment):
> # samba-tool gpo aclcheck
> ERROR: Invalid GPO ACL O:DAG:DAD:(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001200a9;;;ED)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001f01ff;;;SY)(A;OICI;;;;WD)(A;;0x001f01ff;;;DA)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;;;;CG) on path (samdom.example.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}), should be O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)
> 
> Can you switch to 4.1?
> 
> 
> Regards,
> Marc
> 
> 
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.

David Minard.
Ph:    0247 360 155
Fax:    0247 360 770

School of Computing, Engineering, and Mathematics
Building Y - Penrith Campus (Kingswood)
Locked bag 1797
Penrith South DC
NSW 1797

[Sometimes waking up just isn't worth the insult of the day to come.]


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the samba mailing list