[Samba] sysvolreset command result in "Undetermined error"

Elias Pereira empbilly at gmail.com
Wed Jun 7 23:36:40 UTC 2017 

Rowland,

I solved this problem by removing old entries as you mentioned.

Now the problem is that I lost access to my fileserver. I do not know why.
If there is a problem with GPO. :(

log:

[2017/06/07 20:26:50.620631,  3] ../source3/smbd/oplock.c:1301(init_oplocks)
  init_oplocks: initializing messages.
[2017/06/07 20:26:50.620835,  3] ../source3/smbd/process.c:1957(process_smb)
  Transaction 0 of length 137 (0 toread)
[2017/06/07 20:26:50.620898,  3]
../source3/smbd/process.c:1538(switch_message)
  switch message SMBnegprot (pid 1488) conn 0x0
[2017/06/07 20:26:50.622602,  3]
../source3/smbd/negprot.c:603(reply_negprot)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2017/06/07 20:26:50.622645,  3]
../source3/smbd/negprot.c:603(reply_negprot)
  Requested protocol [LANMAN1.0]
[2017/06/07 20:26:50.622667,  3]
../source3/smbd/negprot.c:603(reply_negprot)
  Requested protocol [Windows for Workgroups 3.1a]
[2017/06/07 20:26:50.622678,  3]
../source3/smbd/negprot.c:603(reply_negprot)
  Requested protocol [LM1.2X002]
[2017/06/07 20:26:50.622691,  3]
../source3/smbd/negprot.c:603(reply_negprot)
  Requested protocol [LANMAN2.1]
[2017/06/07 20:26:50.622712,  3]
../source3/smbd/negprot.c:603(reply_negprot)
  Requested protocol [NT LM 0.12]
[2017/06/07 20:26:50.622822,  5]
../source3/auth/auth.c:477(make_auth_context_subsystem)
  Making default auth method list for server role = 'domain member'
[2017/06/07 20:26:50.622854,  5]
../source3/auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend trustdomain
[2017/06/07 20:26:50.622915,  5]
../source3/auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'trustdomain'
[2017/06/07 20:26:50.622930,  5]
../source3/auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend ntdomain
[2017/06/07 20:26:50.622958,  5]
../source3/auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'ntdomain'
[2017/06/07 20:26:50.622970,  5]
../source3/auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend guest
[2017/06/07 20:26:50.622980,  5]
../source3/auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'guest'
[2017/06/07 20:26:50.622995,  5]
../source3/auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend sam
[2017/06/07 20:26:50.623004,  5]
../source3/auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'sam'
[2017/06/07 20:26:50.623026,  5]
../source3/auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend sam_ignoredomain
[2017/06/07 20:26:50.623056,  5]
../source3/auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'sam_ignoredomain'
[2017/06/07 20:26:50.623081,  5]
../source3/auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend winbind
[2017/06/07 20:26:50.623102,  5]
../source3/auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'winbind'
[2017/06/07 20:26:50.623110,  5]
../source3/auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend unix
[2017/06/07 20:26:50.623120,  5]
../source3/auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'unix'
[2017/06/07 20:26:50.623133,  5]
../source3/auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend wbc
[2017/06/07 20:26:50.623141,  5]
../source3/auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'wbc'
[2017/06/07 20:26:50.623151,  5]
../source3/auth/auth.c:378(load_auth_module)
  load_auth_module: Attempting to find an auth method to match guest
[2017/06/07 20:26:50.623162,  5]
../source3/auth/auth.c:403(load_auth_module)
  load_auth_module: auth method guest has a valid init
[2017/06/07 20:26:50.623187,  5]
../source3/auth/auth.c:378(load_auth_module)
  load_auth_module: Attempting to find an auth method to match sam
[2017/06/07 20:26:50.623197,  5]
../source3/auth/auth.c:403(load_auth_module)
  load_auth_module: auth method sam has a valid init
[2017/06/07 20:26:50.623207,  5]
../source3/auth/auth.c:378(load_auth_module)
  load_auth_module: Attempting to find an auth method to match
winbind:ntdomain
[2017/06/07 20:26:50.623216,  5]
../source3/auth/auth.c:378(load_auth_module)
  load_auth_module: Attempting to find an auth method to match ntdomain
[2017/06/07 20:26:50.623227,  5]
../source3/auth/auth.c:403(load_auth_module)
  load_auth_module: auth method ntdomain has a valid init
[2017/06/07 20:26:50.623247,  5]
../source3/auth/auth.c:403(load_auth_module)
  load_auth_module: auth method winbind has a valid init
[2017/06/07 20:26:50.670223,  3] ../source3/smbd/negprot.c:394(reply_nt1)
  using SPNEGO
[2017/06/07 20:26:50.670256,  3]
../source3/smbd/negprot.c:744(reply_negprot)
  Selected protocol NT LM 0.12
[2017/06/07 20:26:50.697366,  3] ../source3/smbd/process.c:1957(process_smb)
  Transaction 1 of length 1784 (0 toread)
[2017/06/07 20:26:50.697399,  3]
../source3/smbd/process.c:1538(switch_message)
  switch message SMBsesssetupX (pid 1488) conn 0x0
[2017/06/07 20:26:50.697433,  3]
../source3/smbd/sesssetup.c:623(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2017/06/07 20:26:50.697466,  2]
../source3/smbd/sesssetup.c:563(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2017/06/07 20:26:50.697477,  3]
../source3/smbd/sesssetup.c:140(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2017/06/07 20:26:50.697493,  3]
../source3/smbd/sesssetup.c:181(reply_sesssetup_and_X_spnego)
  NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002
5.1] PrimaryDomain=[]
[2017/06/07 20:26:50.697634,  5]
../source3/auth/auth.c:477(make_auth_context_subsystem)
  Making default auth method list for server role = 'domain member'
[2017/06/07 20:26:50.697661,  5]
../source3/auth/auth.c:378(load_auth_module)
  load_auth_module: Attempting to find an auth method to match guest
[2017/06/07 20:26:50.697672,  5]
../source3/auth/auth.c:403(load_auth_module)
  load_auth_module: auth method guest has a valid init
[2017/06/07 20:26:50.697681,  5]
../source3/auth/auth.c:378(load_auth_module)
  load_auth_module: Attempting to find an auth method to match sam
[2017/06/07 20:26:50.697693,  5]
../source3/auth/auth.c:403(load_auth_module)
  load_auth_module: auth method sam has a valid init
[2017/06/07 20:26:50.697711,  5]
../source3/auth/auth.c:378(load_auth_module)
  load_auth_module: Attempting to find an auth method to match
winbind:ntdomain
[2017/06/07 20:26:50.697720,  5]
../source3/auth/auth.c:378(load_auth_module)
  load_auth_module: Attempting to find an auth method to match ntdomain
[2017/06/07 20:26:50.697736,  5]
../source3/auth/auth.c:403(load_auth_module)
  load_auth_module: auth method ntdomain has a valid init
[2017/06/07 20:26:50.697746,  5]
../source3/auth/auth.c:403(load_auth_module)
  load_auth_module: auth method winbind has a valid init
[2017/06/07 20:26:50.743116,  1]
../source3/librpc/crypto/gse.c:646(gse_get_server_auth_token)
  gss_accept_sec_context failed with [ Miscellaneous failure (see text):
Failed to find cifs/fileserver.addc.poa.ifrs.edu.br at ADDC.POA.IFRS.EDU.BR(kvno
2) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
[2017/06/07 20:26:50.743154,  1]
../auth/gensec/spnego.c:569(gensec_spnego_parse_negTokenInit)
  SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
[2017/06/07 20:26:50.743211,  2]
../auth/gensec/spnego.c:768(gensec_spnego_server_negTokenTarg)
  SPNEGO login failed: NT_STATUS_LOGON_FAILURE
[2017/06/07 20:26:50.743263,  3]
../source3/smbd/error.c:82(error_packet_set)
  NT error packet at ../source3/smbd/sesssetup.c(277) cmd=115
(SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2017/06/07 20:26:50.750510,  3]
../source3/smbd/server_exit.c:246(exit_server_common)
  Server exit (failed to receive smb request)

On Wed, Jun 7, 2017 at 2:36 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Wed, 7 Jun 2017 14:16:31 -0300
> Elias Pereira via samba <samba at lists.samba.org> wrote:
>
> > Hello,
> >
> > I deleted some GPOs via ADUC. After that I also deleted the folder
> > for each GPO. I do not know if that was correct to do! :(
> >
> > Now when I run the samba-tool command ntacl sysvolreset, the following
> > error occurs.
> >
> > root at DC1:~# samba-tool ntacl sysvolreset
> > *open: error=2 (No such file or directory)*
> > ERROR(runtime): uncaught exception - (-1073741823, 'Undetermined
> > error') File
> > "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
> > 176, in _run return self.run(*args, **kwargs)
> >   File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line
> > 239, in run
> >     lp, use_ntvfs=use_ntvfs)
> >   File
> > "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line
> > 1609, in setsysvolacl set_gpos_acl(sysvol, dnsdomain, domainsid,
> > domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
> >   File
> > "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line
> > 1514, in set_gpos_acl passdb=passdb)
> >   File
> > "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line
> > 1477, in set_dir_acl setntacl(lp, path, acl, domsid,
> > use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb,
> > service=service) File
> > "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 128, in
> > setntacl smbd.set_nt_acl(file, security.SECINFO_OWNER
> > |security.SECINFO_GROUP | security.SECINFO_DACL |
> > security.SECINFO_SACL, sd2, service=service)
> >
>
> You still have the GPO objects in AD, you will need to find these and
> remove them.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



-- 
Elias Pereira

More information about the samba mailing list