[Samba] ntacl sysvolreset - errors / patch?

Jonathan Hunter jmhunter1 at gmail.com
Sat Apr 13 11:51:08 UTC 2019 

Hi,

I am finally revisiting my sysvol share (GPOs haven't been working for
me for quite some time) and trying to get permissions sorted properly
on it.

For many years, "samba-tool ntacl sysvolreset" has always failed for
me with errors that I have been unable to solve. Previously I have
used guidance from Louis and got things working, but my sysvol is
currently in a broken state.

Most recent example (samba 4.10.1, just now) is below:
# samba-tool ntacl sysvolreset
set_nt_acl_conn: init_files_struct failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
ERROR(runtime): uncaught exception - (3221225524, 'The object name is
not found.')
  File "/usr/local/samba/lib/python3.4/site-packages/samba/netcmd/__init__.py",
line 185, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python3.4/site-packages/samba/netcmd/ntacl.py",
line 283, in run
    lp, use_ntvfs=use_ntvfs)
  File "/usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py",
line 1733, in setsysvolacl
    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp,
use_ntvfs, passdb=s4_passdb)
  File "/usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py",
line 1627, in set_gpos_acl
    passdb=passdb)
  File "/usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py",
line 1590, in set_dir_acl
    setntacl(lp, path, acl, domsid, use_ntvfs=use_ntvfs,
skip_invalid_chown=True, passdb=passdb, service=service)
  File "/usr/local/samba/lib/python3.4/site-packages/samba/ntacls.py",
line 230, in setntacl
    service=service, session_info=session_info)

I found someone else's patch which I think would help me greatly, but
this seems to be targeted against 4.6.1.
https://forge.univention.org/bugzilla/show_bug.cgi?id=38217

Before I spend too much time looking into this - is any "resume on
error" functionality present in sysvolreset? Or should I try and take
the above patch and see if I can get it working?

There was another thread I found, which made the very good suggestion
that it would really help if the failing file in question was printed
to stderr, at least that might give a clue as to where things were
going wrong.

I figured I'd first of all ask if this work has already been done,
rather than starting from scratch myself.. :)

Cheers

Jonathan

-- 
"If we knew what it was we were doing, it would not be called
research, would it?"
      - Albert Einstein

More information about the samba mailing list