[Samba] sysvolreset doesn't reset all ACLs

Sven Schwedas sven.schwedas at tao.at
Thu Aug 24 10:03:42 UTC 2017


> root at graz-dc-1b:~# samba --version
> Version 4.5.8-Debian
> root at graz-dc-1b:~# samba-tool ntacl sysvolreset && echo "no error"
> no error
> root at graz-dc-1b:~# samba-tool ntacl sysvolcheck 
> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /var/lib/samba/sysvol/ad.tao.at/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9} O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 270, in run
>     lp)
>   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1723, in checksysvolacl
>     direct_db_access)
>   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1674, in check_gpos_acl
>     domainsid, direct_db_access)
>   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1621, in check_dir_acl
>     raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, acl))

Where does the error come from, and why doesn't sysvolreset fix it?

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
Mail/XMPP sven.schwedas at tao.at | Skype sven.schwedas
TAO Digital | Lendplatz 45 | A8020 Graz
https://www.tao-digital.at | Tel +43 680 301 7167



More information about the samba mailing list