[Samba] samba-tool gpo aclcheck error

Wed Dec 11 17:05:12 MST 2013

Same exact error here.  My GPO's only work on the domain container. They do
not propagate to any sub-containers. It's is driving me insane -- I'm
pulling my hair out on this one.
I also get this error from samba-tool ntacl:

# samba-tool ntacl sysvolcheck
<snip>
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception -
ProvisioningError: DB ACL on GPO directory /var/lib/samba/sysvol/
mimicsimulation.com/Policies/{4079021F-460A-413E-B948-48A434346509}O:LAG:DAD:PAR(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)(A;OICI;0x001200a9;;;DU)
does not match expected value
O:DAG:DAD:PAR(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)(A;OICI;0x001200a9;;;DU)
from GPO object
  File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line
175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python2.6/site-packages/samba/netcmd/ntacl.py", line
249, in run
    lp)
  File "/usr/lib64/python2.6/site-packages/samba/provision/__init__.py",
line 1695, in checksysvolacl
    direct_db_access)
  File "/usr/lib64/python2.6/site-packages/samba/provision/__init__.py",
line 1646, in check_gpos_acl
    domainsid, direct_db_access)
  File "/usr/lib64/python2.6/site-packages/samba/provision/__init__.py",
line 1593, in check_dir_acl
    raise ProvisioningError('%s ACL on GPO directory %s %s does not match
expected value %s from GPO object' % (acl_type(direct_db_access), path,
fsacl_sddl, acl))

I'm on sernet 4.1.

*Scott Goodwin*
IT Lead
Mimic Technologies, Inc
811 First Avenue, Suite 408  |  Seattle, WA 98104
phone: 1.800.918.1670  |  direct: 206.456.9180
fax: 206.623.3491  |  cell: 206.355.7767

On Wed, Dec 11, 2013 at 12:53 PM, <me at electronico.nc> wrote:

> Le 11/12/2013 21:52, David Minard a écrit :
>
>> samba-tool gpo aclcheck
>>
> With Samba 4.1.2 compiled from GIT, I get same error on an Ubuntu 12.04.3
> LTS x64 server:
>
> # samba-tool gpo aclcheck
>
> ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element'
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/gpo.py",
> line 1150, in run
>
>     ds_sd_ndr = m['nTSecurityDescriptor'][0]
>
> Nicolas
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>