[Samba] Sysvol acl check failed (solved)

James lingpanda101 at gmail.com
Tue Oct 13 13:41:05 UTC 2015 

On 10/13/2015 6:43 AM, Stefan Kania wrote:
> Am 13.10.2015 um 11:20 schrieb Stefan Kania: > > Am 12.10.2015 um 18:47 schrieb James: > >> On 10/12/2015 12:20 PM,
Stefan Kania wrote: > >>> Hello, > >>> > >>> when I check ACLs on my
sysvol I got the following errors: > >>> > >>> root at DKHHDC1:~#
samba-tool gpo aclcheck ERROR(<type > >>> 'exceptions.KeyError'>):
uncaught exception - 'No such element' > >>>  File > >>>
"/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", > >>> line
175, in _run return self.run(*args, **kwargs) File > >>>
"/usr/lib/python2.7/dist-packages/samba/netcmd/gpo.py", line > >>> 1150,
in run ds_sd_ndr = m['nTSecurityDescriptor'][0] > >>> > >>> > >>>
root at DKHHDC1:~# samba-tool ntacl sysvolcheck ERROR(<type > >>>
'exceptions.TypeError'>): uncaught exception - (2, 'No such > >>> file
or directory') File > >>>
"/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", > >>> line
175, in _run return self.run(*args, **kwargs) File > >>>
"/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line > >>> 
249, in run lp) File > >>>
"/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", > >>> 
line 1733, in checksysvolacl direct_db_access) File > >>>
"/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", > >>> 
line 1684, in check_gpos_acl domainsid, direct_db_access) > >>> File >
>>> "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", >
>>>  line 1628, in check_dir_acl fsacl = getntacl(lp, path, > >>>
direct_db_access=direct_db_access, service=SYSVOL_SERVICE) > >>> File
"/usr/lib/python2.7/dist-packages/samba/ntacls.py", line > >>> 73, in
getntacl xattr.XATTR_NTACL_NAME) > >>> > >>> Then I tried to fix erros.
Doing this, I got the next errors > >>> > >>> root at DKHHDC1:~# samba-tool
ntacl sysvolreset open: error=2 (No > >>> such file or directory)
ERROR(runtime): uncaught exception - > >>> (-1073741823, 'Undetermined
error') File > >>>
"/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", > >>> line
175, in _run return self.run(*args, **kwargs) File > >>>
"/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line > >>> 
218, in run lp, use_ntvfs=use_ntvfs) File > >>>
"/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", > >>> 
line 1619, in setsysvolacl set_gpos_acl(sysvol, dnsdomain, > >>>
domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb) > >>> File
> >>> "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", >
>>>  line 1524, in set_gpos_acl passdb=passdb) File > >>>
"/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", > >>> 
line 1487, in set_dir_acl setntacl(lp, path, acl, domsid, > >>>
use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, > >>>
service=service) File > >>>
"/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 154, > >>> in
setntacl smbd.set_nt_acl(file, security.SECINFO_OWNER | > >>>
security.SECINFO_GROUP | security.SECINFO_DACL | > >>>
security.SECINFO_SACL, sd, service=service) > >>> > >>> When I check the
database everything is ok. > >>> > >>> root at DKHHDC1:~# samba-tool
dbcheck Checking 1185 objects > >>> Checked 1185 objects (0 errors) >
>>> > >>> Here are the permissions in sysvol: > >>> > >>>
root at DKHHDC1:~# ls -l > >>> /var/lib/samba/sysvol/dkhh.local/Policies/
insgesamt 80 > >>> drwxrws---+ 6 root    3000000 4096 Jun 25  2014 > >>>
{08BE834B-49D1-4F47-950E-C0D0CB4D2486} drwxrws---+ 6 root > >>> 3000015
4096 Nov  5  2013 > >>> {31B2F340-016D-11D2-945F-00C04FB984F9}
drwxrws---+ 4 3000015 > >>> 3000015 4096 Mai 15  2014 > >>>
{4D8D96AA-C7E4-47F9-A8AF-D1D72CA6CBA1} drwxrws---+ 4 3000015 > >>>
3000015 4096 Nov 11  2014 > >>> {5C3768B4-E734-4168-A370-E0BB95C00B29}
drwxrws---+ 4 3000015 > >>> 3000015 4096 Mär  1  2013 > >>>
{6AC1786C-016F-11D2-945F-00C04FB984F9} drwxrws---+ 5 3000015 > >>>
3000015 4096 Jun 11  2014 > >>> {6FBD7831-E891-41A4-A5FA-B3BCCEAEA519}
drwxrws---+ 4 3000015 > >>> 3000015 4096 Mai 26  2014 > >>>
{8DD38317-E675-4042-84DD-0CF499F8C5F1} drwxrws---+ 5 3000015 > >>>
3000015 4096 Mär 23  2015 > >>> {9C353A54-854E-4CA5-A038-98B5F935627A}
drwxrws---+ 4 3000015 > >>> 3000015 4096 Dez  3  2014 > >>>
{A42F9750-57C8-4E48-8928-EF22B6E27CAE} drwxrws---+ 5 3000015 > >>>
3000015 4096 Jun 16  2014 > >>> {EE730522-233D-47BB-A05C-058B5D9E10DB} >
>>> > >>> root at DKHHDC1:~# ls -l /var/lib/samba/sysvol/dkhh.local/ > >>>
insgesamt 24 drwxrws---+ 12 root 3000000 4096 Jan 29  2015 > >>>
Policies drwxrws---+  5 root 3000000 4096 Jun 30  2014 scripts > >>>
drwxrws---+ 10 root 3000000 4096 Mär 26  2013 StarterGPOs > >>> > >>>
YES I know .local is not a good choice, but it is as it is > >>> NOT my
choice > >>> > >>> All GPOs are working > >>> > >>> One more thing. The
old DC was a selfcompiled Samba 4 with > >>> /usr/local/samba/sysvol.
The new one is running the > >>> sernet-packeges with
/var/lib/samba/sysvol als path. > >>> > >>> Where should I look next? >
>>> > >>> > >>> Thank you > >>> > >>> Stefan > >>> > >> Hello, > > >>
Can you post your smb.conf? > > > Here are the smb.conf --------------#
Global parameters [global] > > workgroup = DKHH realm = dkhh.local
netbios name = DKHHDC2 server > > role = active directory domain
controller dns forwarder = > > 172.16.0.52 allow dns updates = nonsecure
> > > [netlogon] path = /var/lib/samba/sysvol/dkhh.local/scripts read >
> only = No write ok = Yes > > > [sysvol] path = /var/lib/samba/sysvol
read only = No write ok = > > Yes > > > > > > During the migration from
old samba4 self-compiled to new samba4 > Sernet-Packages one of the
GPO-Entries in > /var/lib/samba/sysvol/Policies/ was not copied. After
reinstalling the > missing GPO everything works fine. > > Stefan
>From past experience deleting or changing permissions on a GPO from
within the sysvol will prompt this error.

-- 
-James

More information about the samba mailing list