[Samba] NT_STATUS_OBJECT_NAME_NOT_FOUND

Carlos carlos.hollow at gmail.com
Tue May 25 12:28:38 UTC 2021 

Hi!

sysvolreset outup now:


samba-tool ntacl sysvolreset

...

...

idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
set_nt_acl_conn: init_files_struct failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
ERROR(runtime): uncaught exception - (3221225524, 'The object name is 
not found.')
   File 
"/usr/local/samba/lib/python3.8/site-packages/samba/netcmd/__init__.py", 
line 186, in _run
     return self.run(*args, **kwargs)
   File 
"/usr/local/samba/lib/python3.8/site-packages/samba/netcmd/ntacl.py", 
line 412, in run
     provision.setsysvolacl(samdb, netlogon, sysvol,
   File 
"/usr/local/samba/lib/python3.8/site-packages/samba/provision/__init__.py", 
line 1754, in setsysvolacl
     set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, 
use_ntvfs, passdb=s4_passdb)
   File 
"/usr/local/samba/lib/python3.8/site-packages/samba/provision/__init__.py", 
line 1641, in set_gpos_acl
     set_dir_acl(policy_path, dsacl2fsacl(acl, domainsid), lp,
   File 
"/usr/local/samba/lib/python3.8/site-packages/samba/provision/__init__.py", 
line 1604, in set_dir_acl
     setntacl(lp, path, acl, domsid, session_info, use_ntvfs=use_ntvfs, 
skip_invalid_chown=True, passdb=passdb, service=service)
   File "/usr/local/samba/lib/python3.8/site-packages/samba/ntacls.py", 
line 230, in setntacl
     smbd.set_nt_acl(


Regards;



Em 25/05/2021 09:23, Carlos escreveu:
> Hi
>
> I rebooted machine, and erro again  for load gpo.... :-(
>
> I think is problema is sysvolreset....
>
>
> regrads;
>
>
>
> Em 25/05/2021 09:16, Carlos escreveu:
>> HI!
>>
>> Good morning Louis :-D
>>
>> In Samba ADDC I did not configure (I understood that I didn’t need) 
>> the nsswitch part, but I did it now in DC 1 and DC2, it seems to me 
>> that it solved, even before the ids being the same in DC1 and DC2, 
>> now it remains the same with names, but gpupdate no longer gave an 
>> error and successfully loaded the police \ o /
>>
>> But the samba-tool ntacl sysvolreset gave a different error, it was 
>> in a loop with this message "idmap range not specified for domain 
>> '*'", but im smb.conf of an ADDC if the idmap is not configured as I 
>> remember, at least I I never did it and I didn't even see it in the 
>> documentation.
>>
>> Is something else wrong now?
>>
>> Regards;
>>
>>
>>
>> Em 25/05/2021 04:14, L.P.H. van Belle via samba escreveu:
>>> Good morning Carlos, ( at last morning for me. )
>>>
>>> Im wondering why you only see UID's and not at least few groups in 
>>> the output.
>>> Did you configure nssswitch.conf ?
>>>
>>>
>>> Did you verify this :
>>>
>>> Please check your share rights for sysvol from within windows.
>>> If these are incorrect, correct them and run this script again.
>>> Set your sysvol SHARE permissions as followed.
>>> EVERYONE: READ
>>> Authenticated Users: FULL CONTROL
>>> (BUILTIN or NTDOM)\Administrators: FULL CONTROL
>>> (BUILTIN or NTDOM)\SYSTEM, FULL CONTROL
>>> User/Group system is added compaired to a win2008R2 sysvol, you need
>>> this for some GPO settings.
>>>
>>> Set your sysvol FOLDER permissions as followed.
>>> Authenticated Users: Read & Exec, Show folder content, Read
>>> (BUILTIN or NTDOM)\Administrators: FULL CONTROL
>>> (BUILTIN or NTDOM)\SYSTEM, FULL CONTROL
>>>
>>>
>>> Greetz,
>>>
>>> Louis
>>>
>>>
>>>> -----Oorspronkelijk bericht-----
>>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>>>> Carlos via samba
>>>> Verzonden: vrijdag 21 mei 2021 20:29
>>>> Aan: samba at lists.samba.org
>>>> Onderwerp: Re: [Samba] NT_STATUS_OBJECT_NAME_NOT_FOUND
>>>>
>>>> Yes, in DC1 and DC2, sysvol is equal(i think)
>>>>
>>>> DC1 :
>>>>
>>>> getfacl
>>>> /usr/local/samba/var/locks/sysvol/xxx.xxxx.com.br/Policies/\{D
>>>> 79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC\}/GPT.INI
>>>>
>>>> getfacl: Removing leading '/' from absolute path names
>>>> # file:
>>>> usr/local/samba/var/locks/sysvol/xxx.xxx.com.br/Policies/{D79B
>>>> 199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}/GPT.INI
>>>> # owner: 3000008
>>>> # group: 3000008
>>>> user::rwx
>>>> user:3000002:rwx
>>>> user:3000006:rwx
>>>> user:3000010:r-x
>>>> user:3000018:r-x
>>>> user:3000776:r-x
>>>> group::rwx
>>>> group:3000002:rwx
>>>> group:3000006:rwx
>>>> group:3000008:rwx
>>>> group:3000010:r-x
>>>> group:3000018:r-x
>>>> group:3000776:r-x
>>>> mask::rwx
>>>> other::---
>>>>
>>>> samba-tool  gpo show {D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}
>>>> GPO          : {D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}
>>>> display name : GPO_XXX_XXX_128
>>>> path         :
>>>> \\xxx.xxx.com.br\SysVol\xxxx.xxxx.com.br\Policies\{D79B199C-B2
>>>> CC-4A0C-A0AB-DBF6C8C9FBAC}
>>>> dn           :
>>>> CN={D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC},CN=Policies,CN=Syste
>>>> m,DC=xxxx,DC=xxxx,DC=com,DC=br
>>>> version      : 2359302
>>>> flags        : NONE
>>>> ACL          : <hidden>
>>>>
>>>> -------------------------
>>>>
>>>> DC2
>>>>
>>>> getfacl
>>>> /usr/local/samba/var/locks/sysvol/xxx.xxx.com.br/Policies/\{D7
>>>> 9B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC\}/GPT.INI
>>>> getfacl: Removing leading '/' from absolute path names
>>>> # file:
>>>> usr/local/samba/var/locks/sysvol/xxx.xxxx.com.br/Policies/{D79
>>>> B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}/GPT.INI
>>>> # owner: 3000008
>>>> # group: 3000008
>>>> user::rwx
>>>> user:3000002:rwx
>>>> user:3000006:rwx
>>>> user:3000010:r-x
>>>> user:3000018:r-x
>>>> user:3000776:r-x
>>>> group::rwx
>>>> group:3000002:rwx
>>>> group:3000006:rwx
>>>> group:3000008:rwx
>>>> group:3000010:r-x
>>>> group:3000018:r-x
>>>> group:3000776:r-x
>>>> mask::rwx
>>>> other::---
>>>>
>>>>
>>>> samba-tool  gpo show {D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}
>>>> GPO          : {D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}
>>>> display name : XXXX_XXXX_UNIDADE_128
>>>> path         :
>>>> \\xxxx.xxxx.com.br\SysVol\xxx.xxxx.com.br\Policies\{D79B199C-B
>>>> 2CC-4A0C-A0AB-DBF6C8C9FBAC}
>>>> dn           :
>>>> CN={D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC},CN=Policies,CN=Syste
>>>> m,DC=grupo,DC=xxxx,DC=com,DC=br
>>>> version      : 2359302
>>>> flags        : NONE
>>>> ACL          : <hidden>
>>>>
>>>>
>>>> =========================
>>>>
>>>>
>>>> regards
>>>>
>>>>
>>>> Em 21/05/2021 14:58, Rowland penny via samba escreveu:
>>>>> On 21/05/2021 18:44, Carlos via samba wrote:
>>>>>> Hi,
>>>>>>
>>>>>> I tried sync idmap.ldb yesterday (but with command tdb
>>>> backups .bak
>>>>>> /usr/local/samba/private/idmap.ldb) ante copy dc1 to dc2,
>>>> but error
>>>>>> continued.
>>>>>>
>>>>>> I runed script:
>>>>>
>>>>> GPO's are stored in two places, on disk in the sysvol
>>>> directory and in
>>>>> AD. The error 'NT_STATUS_OBJECT_NAME_NOT_FOUND' usually occurs when
>>>>> the GPO is in AD, but not in sysvol. Have you checked the GPO is
>>>>> visible in sysvol ?
>>>>>
>>>>> Rowland
>>>>>
>>>>>
>>>>>
>>>> -- 
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>
>>>>
>>>

More information about the samba mailing list