[Samba] sysvolreset error '{Operation Failed} The requested operation was unsuccessful.'
L.P.H. van Belle
belle at bazuin.nl
Mon Jul 23 14:45:03 UTC 2018
Hai,
Check these.
https://www.google.nl/search?biw=1680&bih=888&ei=0-hVW7zQMqzkkgWIjqawDA&q=site%3Asamba.org+sysvol+permission&oq=site%3Asamba.org+sysvol+permission&gs_l=psy-ab.3...5368.10525.0.11916.17.14.3.0.0.0.72.580.14.14.0....0...1c.1.64.psy-ab..0.0.0....0.Ot64q9CRMN8
https://www.google.nl/search?biw=1680&bih=888&ei=4OhVW4_xH5L5kwXizI7YCQ&q=site%3Asamba.org+sysvol+reset&oq=site%3Asamba.org+sysvol+reset&gs_l=psy-ab.3...14561.18658.0.19243.13.8.5.0.0.0.47.336.8.8.0....0...1c.1.64.psy-ab..0.0.0....0.fIvwA6AUPAo
The answer and workarounds are there.
This is discussed so much. (sorry).
Short version.
Dont run sysvolreset and has an bug.
Get the correct settings from my script.
https://github.com/thctlo/samba4/blob/master/samba-check-set-sysvol.sh
And if you want to apply them, change in the script:
APPLY_CHANGES_DIRECT="no" to yes.
> ***** huge lot of these lines...
> *****
> idmap range not specified for domain '*'
And i suggest, you post your smb.conf.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Ing.
> Claudio Nicora via samba
> Verzonden: maandag 23 juli 2018 16:30
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] sysvolreset error '{Operation Failed} The
> requested operation was unsuccessful.'
>
> When I run samba-tool ntacl sysvolreset on my "secondary"
> Samba AD DC I
> get the error:
>
> ---
> ERROR(runtime): uncaught exception - (-1073741823,
> '{Operation Failed}
> The requested operation was unsuccessful.')
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 176, in _run
> return self.run(*args, **kwargs)
> File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line
> 239, in run
> lp, use_ntvfs=use_ntvfs)
> File
> "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py",
> line 1609, in setsysvolacl
> set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp,
> use_ntvfs, passdb=s4_passdb)
> File
> "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py",
> line 1502, in set_gpos_acl
> use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb,
> service=SYSVOL_SERVICE)
> File "/usr/lib/python2.7/dist-packages/samba/ntacls.py",
> line 162, in
> setntacl
> smbd.set_nt_acl(file, security.SECINFO_OWNER |
> security.SECINFO_GROUP | security.SECINFO_DACL |
> security.SECINFO_SACL,
> sd, service=service)
> ---
>
> AFAIK this error is thrown when the script tries to set an NT
> permission
> on a missing file;
> it usually happens when a new GPO is created on the primary
> DC and it's
> not yet replicated to other DCs, since sysvolreset uses AD to find
> defined GPO items.
> That said, I've cleaned up the whole sysvol folder on secondary DC,
> rsync'ed all its content from primary DC then rerun
> sysvolreset: same error.
> I've also run sysvolreset on the primary DC as well, and
> again I've got
> the same error.
>
> So now I suppose there's something wrong in AD, like an
> "orphaned" GPO.
> How do I know which GPO file is causing the error? (running
> samba-tool
> with "-d 10" parameter gives no clue.
>
> Full output (same on both DCs):
> -------------------------------
>
> # samba-tool ntacl sysvolreset -d 10
> INFO: Current debug levels:
> all: 10
> tdb: 10
> printdrivers: 10
> lanman: 10
> smb: 10
> rpc_parse: 10
> rpc_srv: 10
> rpc_cli: 10
> passdb: 10
> sam: 10
> auth: 10
> winbind: 10
> vfs: 10
> idmap: 10
> quota: 10
> acls: 10
> locking: 10
> msdfs: 10
> dmapi: 10
> registry: 10
> scavenger: 10
> dns: 10
> ldb: 10
> tevent: 10
> auth_audit: 10
> auth_json_audit: 10
> kerberos: 10
> drs_repl: 10
> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> Processing section "[global]"
> Processing section "[netlogon]"
> Processing section "[sysvol]"
> pm_process() returned Yes
> Security token SIDs (1):
> SID[ 0]: S-1-5-18
> Privileges (0xFFFFFFFFFFFFFFFF):
> Privilege[ 0]: SeMachineAccountPrivilege
> Privilege[ 1]: SeTakeOwnershipPrivilege
> Privilege[ 2]: SeBackupPrivilege
> Privilege[ 3]: SeRestorePrivilege
> Privilege[ 4]: SeRemoteShutdownPrivilege
> Privilege[ 5]: SePrintOperatorPrivilege
> Privilege[ 6]: SeAddUsersPrivilege
> Privilege[ 7]: SeDiskOperatorPrivilege
> Privilege[ 8]: SeSecurityPrivilege
> Privilege[ 9]: SeSystemtimePrivilege
> Privilege[ 10]: SeShutdownPrivilege
> Privilege[ 11]: SeDebugPrivilege
> Privilege[ 12]: SeSystemEnvironmentPrivilege
> Privilege[ 13]: SeSystemProfilePrivilege
> Privilege[ 14]: SeProfileSingleProcessPrivilege
> Privilege[ 15]: SeIncreaseBasePriorityPrivilege
> Privilege[ 16]: SeLoadDriverPrivilege
> Privilege[ 17]: SeCreatePagefilePrivilege
> Privilege[ 18]: SeIncreaseQuotaPrivilege
> Privilege[ 19]: SeChangeNotifyPrivilege
> Privilege[ 20]: SeUndockPrivilege
> Privilege[ 21]: SeManageVolumePrivilege
> Privilege[ 22]: SeImpersonatePrivilege
> Privilege[ 23]: SeCreateGlobalPrivilege
> Privilege[ 24]: SeEnableDelegationPrivilege
> Rights (0x 0):
> lpcfg_servicenumber: couldn't find ldb
> Initial schema load needed, as we have no existing schema, seq_num: 1
> schema_fsmo_init: we are master[no] updates allowed[no]
> Initial schema load needed, as we have no existing schema, seq_num: 1
> schema_fsmo_init: we are master[no] updates allowed[no]
> lp_load_ex: refreshing parameters
> Initialising global parameters
> rlimit_max: increasing rlimit_max (1024) to minimum Windows
> limit (16384)
> Processing section "[global]"
> doing parameter bind interfaces only = Yes
> doing parameter interfaces = lo eth_lan
> doing parameter netbios name = SRVSAMBA2
> doing parameter realm = SAMDOM.LOCAL
> doing parameter server role = active directory domain controller
> doing parameter server services = s3fs, rpc, nbt, wrepl, ldap, cldap,
> kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> doing parameter workgroup = SAMDOM
> doing parameter ldap server require strong auth = no
> doing parameter client ldap sasl wrapping = plain
> doing parameter log level = 2 vfs:1
> Processing section "[netlogon]"
> Processing section "[sysvol]"
> Processing section "[netlogon]"
> Processing section "[sysvol]"
> Processing section "[netlogon]"
> Processing section "[sysvol]"
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> *****
> ***** huge lot of these lines...
> *****
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> open: error=2 (No such file or directory)
> ERROR(runtime): uncaught exception - (-1073741823,
> '{Operation Failed}
> The requested operation was unsuccessful.')
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 176, in _run
> return self.run(*args, **kwargs)
> File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line
> 239, in run
> lp, use_ntvfs=use_ntvfs)
> File
> "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py",
> line 1609, in setsysvolacl
> set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp,
> use_ntvfs, passdb=s4_passdb)
> File
> "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py",
> line 1502, in set_gpos_acl
> use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb,
> service=SYSVOL_SERVICE)
> File "/usr/lib/python2.7/dist-packages/samba/ntacls.py",
> line 162, in
> setntacl
> smbd.set_nt_acl(file, security.SECINFO_OWNER |
> security.SECINFO_GROUP | security.SECINFO_DACL |
> security.SECINFO_SACL,
> sd, service=service)
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list