[Samba] NT_STATUS_OBJECT_NAME_NOT_FOUND
Carlos
carlos.hollow at gmail.com
Tue May 25 12:41:04 UTC 2021
Hi!
Thanks again!
Yes, I synchronized the idmap several times, including promoting the dc
and promoting it again (changing name and just keeping IP).
DC 1
getfacl /usr/local/samba/var/locks/sysvol
getfacl: Removing leading '/' from absolute path names
# file: usr/local/samba/var/locks/sysvol
# owner: root
# group: BUILTIN\\administrators
user::rwx
user:root:rwx
user:BUILTIN\\administrators:rwx
user:BUILTIN\\server\040operators:r-x
user:NT\040AUTHORITY\\system:rwx
user:NT\040AUTHORITY\\authenticated\040users:r-x
group::rwx
group:BUILTIN\\administrators:rwx
group:BUILTIN\\server\040operators:r-x
group:NT\040AUTHORITY\\system:rwx
group:NT\040AUTHORITY\\authenticated\040users:r-x
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:BUILTIN\\administrators:rwx
default:user:BUILTIN\\server\040operators:r-x
default:user:NT\040AUTHORITY\\system:rwx
default:user:NT\040AUTHORITY\\authenticated\040users:r-x
default:group::---
default:group:BUILTIN\\administrators:rwx
default:group:BUILTIN\\server\040operators:r-x
default:group:NT\040AUTHORITY\\system:rwx
default:group:NT\040AUTHORITY\\authenticated\040users:r-x
default:mask::rwx
default:other::---
DC 2
getfacl /usr/local/samba/var/locks/sysvol
getfacl: Removing leading '/' from absolute path names
# file: usr/local/samba/var/locks/sysvol
# owner: root
# group: BUILTIN\\administrators
user::rwx
user:root:rwx
user:BUILTIN\\administrators:rwx
user:BUILTIN\\server\040operators:r-x
user:NT\040AUTHORITY\\system:rwx
user:NT\040AUTHORITY\\authenticated\040users:r-x
group::rwx
group:BUILTIN\\administrators:rwx
group:BUILTIN\\server\040operators:r-x
group:NT\040AUTHORITY\\system:rwx
group:NT\040AUTHORITY\\authenticated\040users:r-x
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:BUILTIN\\administrators:rwx
default:user:BUILTIN\\server\040operators:r-x
default:user:NT\040AUTHORITY\\system:rwx
default:user:NT\040AUTHORITY\\authenticated\040users:r-x
default:group::---
default:group:BUILTIN\\administrators:rwx
default:group:BUILTIN\\server\040operators:r-x
default:group:NT\040AUTHORITY\\system:rwx
default:group:NT\040AUTHORITY\\authenticated\040users:r-x
default:mask::rwx
default:other::---
------
GPO with erro Now:
DC1
getfacl
/usr/local/samba/var/locks/sysvol/xxxx.xxxx.com.br/Policies/\{149AD731-C29D-41E7-B1D4-1DECA7DBED58\}/GPT.INI
getfacl: Removing leading '/' from absolute path names
# file:
usr/local/samba/var/locks/sysvol/xxxx.xxxx.com.br/Policies/{149AD731-C29D-41E7-B1D4-1DECA7DBED58}/GPT.INI
# owner: BUILTIN\\administrators
# group: users
user::rwx
user:NT\040AUTHORITY\\system:rwx
user:XXXX\\enterprise\040admins:rwx
user:XXXX\\domain\040admins:rwx
user:NT\040AUTHORITY\\enterprise\040domain\040controllers:r-x
user:XXXX\\domain\040computers:r-x
user:XXXX\\mercado_xxxx:r-x
group::---
group:users:---
group:BUILTIN\\administrators:rwx
group:NT\040AUTHORITY\\system:rwx
group:XXXX\\enterprise\040admins:rwx
group:XXXX\\domain\040admins:rwx
group:NT\040AUTHORITY\\enterprise\040domain\040controllers:r-x
group:XXXX\\domain\040computers:r-x
group:XXXX\\mercado_xxxx:r-x
mask::rwx
other::---
DC 2
getfacl
/usr/local/samba/var/locks/sysvol/xxxx.xxxx.com.br/Policies/\{149AD731-C29D-41E7-B1D4-1DECA7DBED58\}/GPT.INI
getfacl: Removing leading '/' from absolute path names
# file:
usr/local/samba/var/locks/sysvol/xxxx.xxxx.com.br/Policies/{149AD731-C29D-41E7-B1D4-1DECA7DBED58}/GPT.INI
# owner: BUILTIN\\administrators
# group: users
user::rwx
user:NT\040AUTHORITY\\system:rwx
user:XXXX\\enterprise\040admins:rwx
user:XXXX\\domain\040admins:rwx
user:NT\040AUTHORITY\\enterprise\040domain\040controllers:r-x
user:XXXX\\domain\040computers:r-x
user:XXXX\\mercado_xxxx:r-x
group::---
group:users:---
group:BUILTIN\\administrators:rwx
group:NT\040AUTHORITY\\system:rwx
group:XXXX\\enterprise\040admins:rwx
group:XXXX\\domain\040admins:rwx
group:NT\040AUTHORITY\\enterprise\040domain\040controllers:r-x
group:XXXX\\domain\040computers:r-x
group:XXXX\\mercado_xxxx:r-x
mask::rwx
other::---
----
DC1
getent passwd Administrator
XXXX\administrator:*:0:100::/home/XXXX/administrator:/bin/false
DC2
getent passwd Administrator
XXXX\administrator:*:0:100::/home/XXXX/administrator:/bin/false
----
Regards;
Em 25/05/2021 09:30, L.P.H. van Belle via samba escreveu:
>>> it seems to me
>>> that it solved, even before the ids being the same in DC1
>> and DC2,
> :-/ Seems not,.. So.. Did you do exactly as asked?
>
> Imagine id 300002 on DC1 is Administrators and on DC2 its GUESTS..
> What do you think will happen.. ;-)
>
> Read my mail and instructions again please.
> Because you MUST have idmap in sync.
>
>
> Greetz,
>
> Louis
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>> Carlos via samba
>> Verzonden: dinsdag 25 mei 2021 14:24
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] NT_STATUS_OBJECT_NAME_NOT_FOUND
>>
>> Hi
>>
>> I rebooted machine, and erro again for load gpo.... :-(
>>
>> I think is problema is sysvolreset....
>>
>>
>> regrads;
>>
>>
>>
>> Em 25/05/2021 09:16, Carlos escreveu:
>>> HI!
>>>
>>> Good morning Louis :-D
>>>
>>> In Samba ADDC I did not configure (I understood that I didn?t need)
>>> the nsswitch part, but I did it now in DC 1 and DC2, it seems to me
>>> that it solved, even before the ids being the same in DC1
>> and DC2, now
>>> it remains the same with names, but gpupdate no longer gave
>> an error
>>> and successfully loaded the police \ o /
>>>
>>> But the samba-tool ntacl sysvolreset gave a different
>> error, it was in
>>> a loop with this message "idmap range not specified for
>> domain '*'",
>>> but im smb.conf of an ADDC if the idmap is not configured as I
>>> remember, at least I I never did it and I didn't even see it in the
>>> documentation.
>>>
>>> Is something else wrong now?
>>>
>>> Regards;
>>>
>>>
>>>
>>> Em 25/05/2021 04:14, L.P.H. van Belle via samba escreveu:
>>>> Good morning Carlos, ( at last morning for me. )
>>>>
>>>> Im wondering why you only see UID's and not at least few groups in
>>>> the output.
>>>> Did you configure nssswitch.conf ?
>>>>
>>>>
>>>> Did you verify this :
>>>>
>>>> Please check your share rights for sysvol from within windows.
>>>> If these are incorrect, correct them and run this script again.
>>>> Set your sysvol SHARE permissions as followed.
>>>> EVERYONE: READ
>>>> Authenticated Users: FULL CONTROL
>>>> (BUILTIN or NTDOM)\Administrators: FULL CONTROL
>>>> (BUILTIN or NTDOM)\SYSTEM, FULL CONTROL
>>>> User/Group system is added compaired to a win2008R2
>> sysvol, you need
>>>> this for some GPO settings.
>>>>
>>>> Set your sysvol FOLDER permissions as followed.
>>>> Authenticated Users: Read & Exec, Show folder content, Read
>>>> (BUILTIN or NTDOM)\Administrators: FULL CONTROL
>>>> (BUILTIN or NTDOM)\SYSTEM, FULL CONTROL
>>>>
>>>>
>>>> Greetz,
>>>>
>>>> Louis
>>>>
>>>>
>>>>> -----Oorspronkelijk bericht-----
>>>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>>>>> Carlos via samba
>>>>> Verzonden: vrijdag 21 mei 2021 20:29
>>>>> Aan: samba at lists.samba.org
>>>>> Onderwerp: Re: [Samba] NT_STATUS_OBJECT_NAME_NOT_FOUND
>>>>>
>>>>> Yes, in DC1 and DC2, sysvol is equal(i think)
>>>>>
>>>>> DC1 :
>>>>>
>>>>> getfacl
>>>>> /usr/local/samba/var/locks/sysvol/xxx.xxxx.com.br/Policies/\{D
>>>>> 79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC\}/GPT.INI
>>>>>
>>>>> getfacl: Removing leading '/' from absolute path names
>>>>> # file:
>>>>> usr/local/samba/var/locks/sysvol/xxx.xxx.com.br/Policies/{D79B
>>>>> 199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}/GPT.INI
>>>>> # owner: 3000008
>>>>> # group: 3000008
>>>>> user::rwx
>>>>> user:3000002:rwx
>>>>> user:3000006:rwx
>>>>> user:3000010:r-x
>>>>> user:3000018:r-x
>>>>> user:3000776:r-x
>>>>> group::rwx
>>>>> group:3000002:rwx
>>>>> group:3000006:rwx
>>>>> group:3000008:rwx
>>>>> group:3000010:r-x
>>>>> group:3000018:r-x
>>>>> group:3000776:r-x
>>>>> mask::rwx
>>>>> other::---
>>>>>
>>>>> samba-tool gpo show {D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}
>>>>> GPO : {D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}
>>>>> display name : GPO_XXX_XXX_128
>>>>> path :
>>>>> \\xxx.xxx.com.br\SysVol\xxxx.xxxx.com.br\Policies\{D79B199C-B2
>>>>> CC-4A0C-A0AB-DBF6C8C9FBAC}
>>>>> dn :
>>>>> CN={D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC},CN=Policies,CN=Syste
>>>>> m,DC=xxxx,DC=xxxx,DC=com,DC=br
>>>>> version : 2359302
>>>>> flags : NONE
>>>>> ACL : <hidden>
>>>>>
>>>>> -------------------------
>>>>>
>>>>> DC2
>>>>>
>>>>> getfacl
>>>>> /usr/local/samba/var/locks/sysvol/xxx.xxx.com.br/Policies/\{D7
>>>>> 9B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC\}/GPT.INI
>>>>> getfacl: Removing leading '/' from absolute path names
>>>>> # file:
>>>>> usr/local/samba/var/locks/sysvol/xxx.xxxx.com.br/Policies/{D79
>>>>> B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}/GPT.INI
>>>>> # owner: 3000008
>>>>> # group: 3000008
>>>>> user::rwx
>>>>> user:3000002:rwx
>>>>> user:3000006:rwx
>>>>> user:3000010:r-x
>>>>> user:3000018:r-x
>>>>> user:3000776:r-x
>>>>> group::rwx
>>>>> group:3000002:rwx
>>>>> group:3000006:rwx
>>>>> group:3000008:rwx
>>>>> group:3000010:r-x
>>>>> group:3000018:r-x
>>>>> group:3000776:r-x
>>>>> mask::rwx
>>>>> other::---
>>>>>
>>>>>
>>>>> samba-tool gpo show {D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}
>>>>> GPO : {D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC}
>>>>> display name : XXXX_XXXX_UNIDADE_128
>>>>> path :
>>>>> \\xxxx.xxxx.com.br\SysVol\xxx.xxxx.com.br\Policies\{D79B199C-B
>>>>> 2CC-4A0C-A0AB-DBF6C8C9FBAC}
>>>>> dn :
>>>>> CN={D79B199C-B2CC-4A0C-A0AB-DBF6C8C9FBAC},CN=Policies,CN=Syste
>>>>> m,DC=grupo,DC=xxxx,DC=com,DC=br
>>>>> version : 2359302
>>>>> flags : NONE
>>>>> ACL : <hidden>
>>>>>
>>>>>
>>>>> =========================
>>>>>
>>>>>
>>>>> regards
>>>>>
>>>>>
>>>>> Em 21/05/2021 14:58, Rowland penny via samba escreveu:
>>>>>> On 21/05/2021 18:44, Carlos via samba wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I tried sync idmap.ldb yesterday (but with command tdb
>>>>> backups .bak
>>>>>>> /usr/local/samba/private/idmap.ldb) ante copy dc1 to dc2,
>>>>> but error
>>>>>>> continued.
>>>>>>>
>>>>>>> I runed script:
>>>>>> GPO's are stored in two places, on disk in the sysvol
>>>>> directory and in
>>>>>> AD. The error 'NT_STATUS_OBJECT_NAME_NOT_FOUND' usually
>> occurs when
>>>>>> the GPO is in AD, but not in sysvol. Have you checked the GPO is
>>>>>> visible in sysvol ?
>>>>>>
>>>>>> Rowland
>>>>>>
>>>>>>
>>>>>>
>>>>> --
>>>>> To unsubscribe from this list go to the following URL and read the
>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>>
>>>>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>
More information about the samba
mailing list