[Samba] Error with "samba-tool ntacl get --as-sddl"

Rowland penny rpenny at samba.org
Wed May 18 08:07:14 UTC 2016

On 18/05/16 00:02, Miguel Medalha wrote:
> On two Samba 4.4.2/4.4.3 member servers, "samba-tool ntacl get 
> --as-sddl" gives the following error:
> ERROR: Unable to read domain SID from configuration files
> Which configuration files is it referring to?
> Without "--as-sddl" the command gives a correct output.
> It would be nice to get the permissions in sddl format...
> The same command works as expected on two AC DCs.

Hi, this is because when you use '--as-sddl', the python code does this:

         if as_sddl:
                 domain_sid = security.dom_sid(samdb.domain_sid)
                 raise CommandError("Unable to read domain SID from 
configuration files")

Or to put it in English, it tries to get the Domain SID from sam.ldb and 
this doesn't exist on a member server.


More information about the samba mailing list