[Samba] Error with "samba-tool ntacl get --as-sddl"
Rowland penny
rpenny at samba.org
Wed May 18 08:07:14 UTC 2016
On 18/05/16 00:02, Miguel Medalha wrote:
> On two Samba 4.4.2/4.4.3 member servers, "samba-tool ntacl get
> --as-sddl" gives the following error:
>
> ERROR: Unable to read domain SID from configuration files
>
> Which configuration files is it referring to?
>
> Without "--as-sddl" the command gives a correct output.
>
> It would be nice to get the permissions in sddl format...
>
> The same command works as expected on two AC DCs.
>
>
Hi, this is because when you use '--as-sddl', the python code does this:
if as_sddl:
try:
domain_sid = security.dom_sid(samdb.domain_sid)
except:
raise CommandError("Unable to read domain SID from
configuration files")
self.outf.write(acl.as_sddl(domain_sid)+"\n")
Or to put it in English, it tries to get the Domain SID from sam.ldb and
this doesn't exist on a member server.
Rowland
More information about the samba
mailing list