[Samba] NT_STATUS_OBJECT_NAME_NOT_FOUND

L.P.H. van Belle belle at bazuin.nl
Tue May 25 12:30:06 UTC 2021


> > it seems to me 
> > that it solved, even before the ids being the same in DC1 
> and DC2,

:-/ Seems not,.. So.. Did you do exactly as asked? 

Imagine id 300002 on DC1 is  Administrators and on DC2 its GUESTS.. 
What do you think will happen.. ;-) 

Read my mail and instructions again please. 
Because you MUST have idmap in sync. 


Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Carlos via samba
> Verzonden: dinsdag 25 mei 2021 14:24
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] NT_STATUS_OBJECT_NAME_NOT_FOUND
> 
> Hi
> 
> I rebooted machine, and erro again  for load gpo.... :-(
> 
> I think is problema is sysvolreset....
> 
> 
> regrads;
> 
> 
> 
> Em 25/05/2021 09:16, Carlos escreveu:
> > HI!
> >
> > Good morning Louis :-D
> >
> > In Samba ADDC I did not configure (I understood that I didn?t need) 
> > the nsswitch part, but I did it now in DC 1 and DC2, it seems to me 
> > that it solved, even before the ids being the same in DC1 
> and DC2, now 
> > it remains the same with names, but gpupdate no longer gave 
> an error 
> > and successfully loaded the police \ o /
> >
> > But the samba-tool ntacl sysvolreset gave a different 
> error, it was in 
> > a loop with this message "idmap range not specified for 
> domain '*'", 
> > but im smb.conf of an ADDC if the idmap is not configured as I 
> > remember, at least I I never did it and I didn't even see it in the 
> > documentation.
> >
> > Is something else wrong now?
> >
> > Regards;
> >
> >
> >
> > Em 25/05/2021 04:14, L.P.H. van Belle via samba escreveu:
> >> Good morning Carlos, ( at last morning for me. )
> >>
> >> Im wondering why you only see UID's and not at least few groups in 
> >> the output.
> >> Did you configure nssswitch.conf ?
> >>
> >>
> >> Did you verify this :
> >>
> >> Please check your share rights for sysvol from within windows.
> >> If these are incorrect, correct them and run this script again.
> >> Set your sysvol SHARE permissions as followed.
> >> EVERYONE: READ
> >> Authenticated Users: FULL CONTROL
> >> (BUILTIN or NTDOM)\Administrators: FULL CONTROL
> >> (BUILTIN or NTDOM)\SYSTEM, FULL CONTROL
> >> User/Group system is added compaired to a win2008R2 
> sysvol, you need
> >> this for some GPO settings.
> >>
> >> Set your sysvol FOLDER permissions as followed.
> >> Authenticated Users: Read & Exec, Show folder content, Read
> >> (BUILTIN or NTDOM)\Administrators: FULL CONTROL
> >> (BUILTIN or NTDOM)\SYSTEM, FULL CONTROL
> >>
> >>
> >> Greetz,
> >>
> >> Louis
> >>
> >>
> >>> -----Oorspronkelijk bericht-----
> >>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> >>> Carlos via samba
> >>> Verzonden: vrijdag 21 mei 2021 20:29
> >>> Aan: samba at lists.samba.org
> >>> Onderwerp: Re: [Samba] NT_STATUS_OBJECT_NAME_NOT_FOUND
> >>>
> >>> Yes, in DC1 and DC2, sysvol is equal(i think)
> >>>
> >>> DC1 :
> >>>
> >>> getfacl
> >>> /usr/local/samba/var/locks/sysvol/xxx.xxxx.com.br/Policies/\{D
> >>> 79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC\}/GPT.INI
> >>>
> >>> getfacl: Removing leading '/' from absolute path names
> >>> # file:
> >>> usr/local/samba/var/locks/sysvol/xxx.xxx.com.br/Policies/{D79B
> >>> 199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}/GPT.INI
> >>> # owner: 3000008
> >>> # group: 3000008
> >>> user::rwx
> >>> user:3000002:rwx
> >>> user:3000006:rwx
> >>> user:3000010:r-x
> >>> user:3000018:r-x
> >>> user:3000776:r-x
> >>> group::rwx
> >>> group:3000002:rwx
> >>> group:3000006:rwx
> >>> group:3000008:rwx
> >>> group:3000010:r-x
> >>> group:3000018:r-x
> >>> group:3000776:r-x
> >>> mask::rwx
> >>> other::---
> >>>
> >>> samba-tool  gpo show {D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}
> >>> GPO          : {D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}
> >>> display name : GPO_XXX_XXX_128
> >>> path         :
> >>> \\xxx.xxx.com.br\SysVol\xxxx.xxxx.com.br\Policies\{D79B199C-B2
> >>> CC-4A0C-A0AB-DBF6C8C9FBAC}
> >>> dn           :
> >>> CN={D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC},CN=Policies,CN=Syste
> >>> m,DC=xxxx,DC=xxxx,DC=com,DC=br
> >>> version      : 2359302
> >>> flags        : NONE
> >>> ACL          : <hidden>
> >>>
> >>> -------------------------
> >>>
> >>> DC2
> >>>
> >>> getfacl
> >>> /usr/local/samba/var/locks/sysvol/xxx.xxx.com.br/Policies/\{D7
> >>> 9B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC\}/GPT.INI
> >>> getfacl: Removing leading '/' from absolute path names
> >>> # file:
> >>> usr/local/samba/var/locks/sysvol/xxx.xxxx.com.br/Policies/{D79
> >>> B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}/GPT.INI
> >>> # owner: 3000008
> >>> # group: 3000008
> >>> user::rwx
> >>> user:3000002:rwx
> >>> user:3000006:rwx
> >>> user:3000010:r-x
> >>> user:3000018:r-x
> >>> user:3000776:r-x
> >>> group::rwx
> >>> group:3000002:rwx
> >>> group:3000006:rwx
> >>> group:3000008:rwx
> >>> group:3000010:r-x
> >>> group:3000018:r-x
> >>> group:3000776:r-x
> >>> mask::rwx
> >>> other::---
> >>>
> >>>
> >>> samba-tool  gpo show {D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}
> >>> GPO          : {D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}
> >>> display name : XXXX_XXXX_UNIDADE_128
> >>> path         :
> >>> \\xxxx.xxxx.com.br\SysVol\xxx.xxxx.com.br\Policies\{D79B199C-B
> >>> 2CC-4A0C-A0AB-DBF6C8C9FBAC}
> >>> dn           :
> >>> CN={D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC},CN=Policies,CN=Syste
> >>> m,DC=grupo,DC=xxxx,DC=com,DC=br
> >>> version      : 2359302
> >>> flags        : NONE
> >>> ACL          : <hidden>
> >>>
> >>>
> >>> =========================
> >>>
> >>>
> >>> regards
> >>>
> >>>
> >>> Em 21/05/2021 14:58, Rowland penny via samba escreveu:
> >>>> On 21/05/2021 18:44, Carlos via samba wrote:
> >>>>> Hi,
> >>>>>
> >>>>> I tried sync idmap.ldb yesterday (but with command tdb
> >>> backups .bak
> >>>>> /usr/local/samba/private/idmap.ldb) ante copy dc1 to dc2,
> >>> but error
> >>>>> continued.
> >>>>>
> >>>>> I runed script:
> >>>>
> >>>> GPO's are stored in two places, on disk in the sysvol
> >>> directory and in
> >>>> AD. The error 'NT_STATUS_OBJECT_NAME_NOT_FOUND' usually 
> occurs when
> >>>> the GPO is in AD, but not in sysvol. Have you checked the GPO is
> >>>> visible in sysvol ?
> >>>>
> >>>> Rowland
> >>>>
> >>>>
> >>>>
> >>> -- 
> >>> To unsubscribe from this list go to the following URL and read the
> >>> instructions:  https://lists.samba.org/mailman/options/samba
> >>>
> >>>
> >>
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 




More information about the samba mailing list