[Samba] GPO-Error (solved)
Stefan Kania
stefan at kania-online.de
Thu May 16 12:46:24 UTC 2019
Hi Louis,
it's working again :-). We crested some OUs and moved the users into the
new OUs, created some GPOs and suddenly the GPOs were not working
anymore, so I checked on the commandline with samba-tool and run into
this error. Now we moved all users back to "cn=users" and checkt the
GOPs again and then it was working. So we moved all users back to
"cn=users" all Hosts back to "cn=Computers" deleted the OU-structure and
recreated the structure, moved all users and Host back into the
structure and it was working again. We did not foul around with sides,
we just created OUs, users and GPOs. Strange things happens sometimes
;-). As long as it's working again everything is fine.
Stefan
Am 16.05.19 um 13:52 schrieb L.P.H. van Belle via samba:
> Ok, so yesterday it worked.
>
> Can you run this for me and mail me the output, i have a quick check.
>
> https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh
>
> And
> https://raw.githubusercontent.com/thctlo/samba4/master/samba-check-db-repl.sh
>
> Last, have you check for corrupted filesystem and/or file/folders?
> Any updates done last days?
>
> Now maybe, just maybe, and this is a thing i cant check, because if have only AMD cpus in my servers.
>
> Source: https://www.debian.org/security/2019/dsa-4447
> CVE dictionary: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
> Update for CPU microcode for most types of Intel CPUs.
> It provides mitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware vulnerabilities.
> To fully resolve these vulnerabilities it is also necessary to update the Linux kernel packages as released in DSA 4444.
>
> So check if you kernels are up2date the needed microcode is installed also.
>
> Greetz,
>
> Louis
>
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>> Stefan Kania via samba
>> Verzonden: donderdag 16 mei 2019 13:41
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] GPO-Error
>>
>> Huhu Louis,
>>
>> We use your wonderful packages ;-) 4.10. We have 4 different
>> Installations with 2 DCs each, 3 are running with no problem and just
>> one setup is not working. It worked yesterday. The list of the
>> python-packages installed is different but the same on all
>> other working
>> setups.
>> So I think the problem must be some were else.
>>
>> Stefan
>>
>> Am 16.05.19 um 13:27 schrieb L.P.H. van Belle via samba:
>>> Hai Stefan,
>>>
>>> What is the samba version your running now?
>>>
>>> Im now at 4.10.3 with my DC's and the command :
>>> samba-tool gpo list username
>>> Then it does show the GPO's for the user.
>>>
>>> If you on 4.10, check if these are installed :
>>>
>>> ii python3 3.5.3-1
>> amd64 interactive high-level object-oriented
>> language (default python3 version)
>>> ii python3-apt 1.4.0~beta3
>> amd64 Python 3 interface to libapt-pkg
>>> ii python3-cffi 1.9.1-2
>> all Foreign Function Interface for Python 3
>> calling C code
>>> ii python3-cffi-backend 1.9.1-2
>> amd64 Foreign Function Interface for Python 3
>> calling C code - runtime
>>> ii python3-crypto 2.6.1-7
>> amd64 cryptographic algorithms and protocols
>> for Python 3
>>> ii python3-dnspython 1.15.0-1+deb9u1
>> all DNS toolkit for Python 3
>>> ii python3-ldb 2:1.5.4-1debian2
>> amd64 Python 3 bindings for LDB
>>> ii python3-markdown 2.6.8-1
>> all text-to-HTML conversion library/tool
>> (Python 3 version)
>>> ii python3-minimal 3.5.3-1
>> amd64 minimal subset of the Python language
>> (default python3 version)
>>> ii python3-pkg-resources 33.1.1-1
>> all Package Discovery and Resource Access
>> using pkg_resources
>>> ii python3-ply 3.9-1
>> all Lex and Yacc implementation for Python3
>>> ii python3-pycparser 2.17-2
>> all C parser in Python 3
>>> ii python3-pygments 2.2.0+dfsg-1
>> all syntax highlighting package written in Python 3
>>> ii python3-samba 2:4.10.3+nmu-1debian1
>> amd64 Python 3 bindings for Samba
>>> ii python3-talloc 2.1.16-0nmu1~deb9
>> amd64 hierarchical pool based memory allocator
>> - Python3 bindings
>>> ii python3-tdb 1.3.18-0.1nmu0~deb9
>> amd64 Python3 bindings for TDB
>>> ii python3-xattr 0.9.1-1
>> amd64 module for manipulating filesystem
>> extended attributes - Python 3
>>> ii python3-yaml 3.12-1
>> amd64 YAML parser and emitter for Python3
>>> ii python3.5 3.5.3-1+deb9u1
>> amd64 Interactive high-level object-oriented
>> language (version 3.5)
>>> ii python3.5-minimal 3.5.3-1+deb9u1
>> amd64 Minimal subset of the Python language
>> (version 3.5)
>>>
>>> A part of the output of my DC.
>>>
>>> Greetz,
>>>
>>> Louis
>>>
>>>
>>>> -----Oorspronkelijk bericht-----
>>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>>>> Stefan Kania via samba
>>>> Verzonden: donderdag 16 mei 2019 10:00
>>>> Aan: samba at lists.samba.org
>>>> Onderwerp: [Samba] GPO-Error
>>>>
>>>> Hello,
>>>>
>>>> I have the following error when checking for GPOs for a
>> single user,
>>>> listing all GPOs is working:
>>>> ------------------
>>>>
>>>> root at tn2-debian1:~# samba-tool gpo listall
>>>> GPO : {31B2F340-016D-11D2-945F-00C04FB984F9}
>>>> display name : Default Domain Policy
>>>> path :
>>>> \\example2.net\sysvol\example2.net\Policies\{31B2F340-016D-11D
>>>> 2-945F-00C04FB984F9}
>>>> dn :
>>>> CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=Syste
>>>> m,DC=example2,DC=net
>>>> version : 0
>>>> flags : NONE
>>>>
>>>> GPO : {6AC1786C-016F-11D2-945F-00C04FB984F9}
>>>> display name : Default Domain Controllers Policy
>>>> path :
>>>> \\example2.net\sysvol\example2.net\Policies\{6AC1786C-016F-11D
>>>> 2-945F-00C04FB984F9}
>>>> dn :
>>>> CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=Syste
>>>> m,DC=example2,DC=net
>>>> version : 0
>>>> flags : NONE
>>>>
>>>> root at tn2-debian1:~# samba-tool gpo list u11
>>>> ERROR(runtime): uncaught exception - Badly formed gPLink ' '
>>>> File
>> "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line
>>>> 185, in _run
>>>> return self.run(*args, **kwargs)
>>>> File
>> "/usr/lib/python3/dist-packages/samba/netcmd/gpo.py", line 519,
>>>> in run
>>>> glist = parse_gplink(str(msg['gPLink'][0]))
>>>> File
>> "/usr/lib/python3/dist-packages/samba/netcmd/gpo.py", line 102,
>>>> in parse_gplink
>>>> raise RuntimeError("Badly formed gPLink '%s'" % g)
>>>>
>>>> ------------------
>>>> I've never seen this massage before :-( Any hint?
>>>>
>>>> Stefan
>>>>
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>
>>>
>>>
>>
>> --
>> Stefan Kania
>> Landweg 13
>> 25693 St. Michaelisdonn
>>
>>
>> Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre
>> E-Mail. Weiter Informationen unter http://www.gnupg.org
>>
>> Mein Schlüssel liegt auf
>>
>> hkp://subkeys.pgp.net
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
>
--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn
Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre
E-Mail. Weiter Informationen unter http://www.gnupg.org
Mein Schlüssel liegt auf
hkp://subkeys.pgp.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20190516/c9d961e7/signature.sig>
More information about the samba
mailing list