[Samba] samba-tool ntacl sysvolreset - NT_STATUS_BUFFER_TOO_SMALL

Jonathan Hunter jmhunter1 at gmail.com
Sun Sep 11 21:55:02 UTC 2016 

Hi,

After making progress with my scripts for software installation (thanks,
Rowland!) I am on a bit of a mission to get things working again.

I found that permissions on my sysvol share were somehow incorrect (group
ownership was root, etc.) so I ran 'samba-tool ntacl sysvolreset'.. however
this now fails with the following error. (I'm on Samba 4.5.0)

user at dc2:~ $ sudo /usr/local/samba/bin/samba-tool ntacl sysvolreset
set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_BUFFER_TOO_SMALL.
ERROR(runtime): uncaught exception - (-1073741789, 'Buffer too small')
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 176, in _run
    return self.run(*args, **kwargs)
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py", line
239, in run
    lp, use_ntvfs=use_ntvfs)
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
line 1606, in setsysvolacl
    passdb=s4_passdb, service=SYSVOL_SERVICE)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py", line
162, in setntacl
    smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP |
security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)

I'm not really sure what might be causing this.. I have a '-d10' trace, and
the last section before the exception is as follows:

et_nt_acl_internal: name=/usr/local/samba/var/locks/sysvol/
mydomain.org.uk/Policies/{11111111-2222-3333-4444-555555555555}/Machine
ndr_pull_error(11): Pull bytes 2 (../librpc/ndr/ndr_basic.c:107)
parse_acl_blob: ndr_pull_xattr_NTACL failed: Buffer Size Error
validate_nt_acl_blob: parse_acl_blob returned NT_STATUS_BUFFER_TOO_SMALL
get_nt_acl_internal: ACL validation for [/usr/local/samba/var/locks/sysvol/
n-client.ninja.org.uk/Policies/{11111111-2222-3333-4444-555555555555}/Machine]
failed
set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_BUFFER_TOO_SMALL.
delete_lock_ref_count for file /usr/local/samba/var/locks/sysvol/
n-client.ninja.org.uk/Policies/{11111111-2222-3333-4444-555555555555}/Machine

I don't really know where to look next, though..

Cheers,

Jonathan

--
"If we knew what it was we were doing, it would not be called research,
would it?"
      - Albert Einstein

More information about the samba mailing list