[Samba] Sysvol acl check failed
Stefan Kania
stefan at kania-online.de
Mon Oct 12 16:20:19 UTC 2015
Hello,
When I check the ACLs on my sysvol I get the following errors:
root@DKHHDC1:~# samba-tool gpo aclcheck
ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element'
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/gpo.py", line 1150, in run
    ds_sd_ndr = m['nTSecurityDescriptor'][0]

root@DKHHDC1:~# samba-tool ntacl sysvolcheck
ERROR(<type 'exceptions.TypeError'>): uncaught exception - (2, 'No such file or directory')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 249, in run
    lp)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1733, in checksysvolacl
    direct_db_access)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1684, in check_gpos_acl
    domainsid, direct_db_access)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1628, in check_dir_acl
    fsacl = getntacl(lp, path, direct_db_access=direct_db_access, service=SYSVOL_SERVICE)
  File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 73, in getntacl
    xattr.XATTR_NTACL_NAME)
Then I tried to fix the errors. Doing this, I got the next errors:
root@DKHHDC1:~# samba-tool ntacl sysvolreset
open: error=2 (No such file or directory)
ERROR(runtime): uncaught exception - (-1073741823, 'Undetermined error')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 218, in run
    lp, use_ntvfs=use_ntvfs)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1619, in setsysvolacl
    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1524, in set_gpos_acl
    passdb=passdb)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1487, in set_dir_acl
    setntacl(lp, path, acl, domsid, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service)
  File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 154, in setntacl
    smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)
When I check the database everything is ok.
root@DKHHDC1:~# samba-tool dbcheck
Checking 1185 objects
Checked 1185 objects (0 errors)
Here are the permissions in sysvol:
root@DKHHDC1:~# ls -l /var/lib/samba/sysvol/dkhh.local/Policies/
insgesamt 80
drwxrws---+ 6 root    3000000 4096 Jun 25 2014 {08BE834B-49D1-4F47-950E-C0D0CB4D2486}
drwxrws---+ 6 root    3000015 4096 Nov 5 2013 {31B2F340-016D-11D2-945F-00C04FB984F9}
drwxrws---+ 4 3000015 3000015 4096 Mai 15 2014 {4D8D96AA-C7E4-47F9-A8AF-D1D72CA6CBA1}
drwxrws---+ 4 3000015 3000015 4096 Nov 11 2014 {5C3768B4-E734-4168-A370-E0BB95C00B29}
drwxrws---+ 4 3000015 3000015 4096 Mär 1 2013 {6AC1786C-016F-11D2-945F-00C04FB984F9}
drwxrws---+ 5 3000015 3000015 4096 Jun 11 2014 {6FBD7831-E891-41A4-A5FA-B3BCCEAEA519}
drwxrws---+ 4 3000015 3000015 4096 Mai 26 2014 {8DD38317-E675-4042-84DD-0CF499F8C5F1}
drwxrws---+ 5 3000015 3000015 4096 Mär 23 2015 {9C353A54-854E-4CA5-A038-98B5F935627A}
drwxrws---+ 4 3000015 3000015 4096 Dez 3 2014 {A42F9750-57C8-4E48-8928-EF22B6E27CAE}
drwxrws---+ 5 3000015 3000015 4096 Jun 16 2014 {EE730522-233D-47BB-A05C-058B5D9E10DB}

root@DKHHDC1:~# ls -l /var/lib/samba/sysvol/dkhh.local/
insgesamt 24
drwxrws---+ 12 root 3000000 4096 Jan 29 2015 Policies
drwxrws---+ 5 root 3000000 4096 Jun 30 2014 scripts
drwxrws---+ 10 root 3000000 4096 Mär 26 2013 StarterGPOs
YES I know .local is not a good choice, but it is as it is NOT my
choice
All GPOs are working
One more thing. The old DC was a self-compiled Samba 4 with
/usr/local/samba/sysvol. The new one is running the SerNet packages
with /var/lib/samba/sysvol as path.
Where should I look next?
Thank you
Stefan
--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn
Signing every e-mail helps to reduce spam. Sign your e-mail.
More information at http://www.gnupg.org
My key is available at
hkp://subkeys.pgp.net