[Samba] Everyone ACL problem

Kévin GUERINEAU kevin.guerineau at infolix.fr
Sat Nov 26 11:28:19 UTC 2016


Yes, I have. But nothing change...

Kevin

Le 26/11/2016 à 12:08, Rowland Penny via samba a écrit :
> On Sat, 26 Nov 2016 11:44:50 +0100
> Kévin GUERINEAU via samba <samba at lists.samba.org> wrote:
>
>> Hello list,
>>
>> I have problems with my PDC Samba Servers and all file servers.
>> All DC Server have a compiled Samba 4.4.5. File servers have Samba
>> Debian packages.
>>
>> In all shared folders, the ACL has the group "Everyone" and I can't
>> remove it.
>> The biggest problem concern SYSVOL, I can't modify GPO, I have an
>> error in MMC.
>> I have tried to resolv the problem with the "samba-tool ntacl
>> sysvolreset" command but it didn't resolv anything.
>>
>>
>> #samba-tool ntacl sysvolcheck
>> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught
>> exception - ProvisioningError: DB ACL on GPO file
>> //usr/local/samba/var/locks/sysvol/campuslr.cma17/Policies//{31B2F340-016D-11D2-945F-00C04FB984F9}/USER/Preferences/Groups/Groups.xml
>> O:BAG:DUD:(A;;0x001f01ff;;;DA)(A;;0x001f01ff;;;EA)(A;;0x001f01ff;;;BA)(A;;0x001f01ff;;;SY)(A;;0x001200a9;;;AU)(A;;0x001200a9;;;ED)
>> does not match expected value
>> O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)
>> from GPO object
>>     File
>> "//usr/local/samba/lib/python2.7/site-packages/samba/netcmd//__init__.py",
>> line 175, in _run
>>       return self.run(*args, **kwargs)
>>     File
>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py",
>> line 270, in run
>>       lp)
>>     File
>> "//usr/local/samba/lib/python2.7/site-packages/samba/provision//__init__.py",
>> line 1732, in checksysvolacl
>>       direct_db_access)
>>     File
>> "//usr/local/samba/lib/python2.7/site-packages/samba/provision//__init__.py",
>> line 1683, in check_gpos_acl
>>       domainsid, direct_db_access)
>>     File
>> "//usr/local/samba/lib/python2.7/site-packages/samba/provision//__init__.py",
>> line 1640, in check_dir_acl
>>       raise ProvisioningError('%s ACL on GPO file %s %s does not match
>> expected value %s from GPO object' % (acl_type(direct_db_access),
>> os.path.join(root, name), fsacl_sddl, acl))
>>
>> # samba-tool dbcheck
>> Checking 2591 objects
>> Checked 2591 objects (0 errors)
>>
>> # samba-tool gpo aclcheck
>> ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such
>> element' File
>> "//usr/local/samba/lib/python2.7/site-packages/samba/netcmd//__init__.py",
>> line 175, in _run
>>       return self.run(*args, **kwargs)
>>     File
>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/gpo.py",
>> line 1150, in run
>>       ds_sd_ndr = m['nTSecurityDescriptor'][0]
>>
>>
>> I tried to reinstall DC2, but then the problem extended itself to DC2.
>> I have the same problem on the fileservers.
>> I don't know where is the problem. Moreover I have a second Samba
>> domain without this problem.
>>
>> Best regards,
>> Kevin
> Have you tried 'samba-tool ntacl sysvolreset'
>
> Rowland
>
> PS Don't refer to your AD DC as a PDC, that is something else
> entirely ;-)
>




More information about the samba mailing list