[Samba] samba-tool ntacl sysvolreset error on newly joined DC

Carlos Gardel carlosito2021 at outlook.com
Thu Jan 6 18:02:08 UTC 2022


Hello!

I am running an Active Directory domain with two Samba DCs (DC1 and DC2).

The existing DCs, working perfectly, are running on CentOS 6 with Samba 4.9.8. Because CentOS 6 has been EOL for quite some time, I now want to join a new DC (DC3) to the domain.

I have set up a new DC, running CentOS 8/Stream with Samba 4.15.3 (compiled from source), following the tutorial at https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory.
Everything has worked perfectly until the section "Built-in User & Group ID Mappings", where you are supposed to "reset the Sysvol folder's file system access control lists on the new DC" by running:
# samba-tool ntacl sysvolreset

On running this command I get the following error output:

[root at dc3 ~]# samba-tool ntacl sysvolreset
set_nt_acl_conn: init_files_struct failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
ERROR(runtime): uncaught exception - (3221225524, 'The object name is not found.')
  File "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/__init__.py", line 186, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/ntacl.py", line 415, in run
    lp, use_ntvfs=use_ntvfs)
  File "/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py", line 1754, in setsysvolacl
    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
  File "/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py", line 1631, in set_gpos_acl
    use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=SYSVOL_SERVICE)
  File "/usr/local/samba/lib64/python3.6/site-packages/samba/ntacls.py", line 230, in setntacl
    service=service, session_info=session_info)
[root at dc3 ~]#

After changing the Samba log level to 4, the output is as follows (I have changed the actual domain name and IPs):

[root at dc3 ~]# samba-tool ntacl sysvolreset
Processing section "[sysvol]"
Processing section "[netlogon]"
pm_process() returned Yes
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
doing parameter dns forwarder = 192.168.100.1
doing parameter netbios name = DC3
doing parameter realm = DOMAIN.SAMDOM.COM
doing parameter server role = active directory domain controller
doing parameter workgroup = DOMAIN
doing parameter idmap_ldb:use rfc2307 = yes
doing parameter log level = 4
Processing section "[sysvol]"
doing parameter path = /usr/local/samba/var/locks/sysvol
doing parameter read only = No
Processing section "[netlogon]"
doing parameter path = /usr/local/samba/var/locks/sysvol/domain.samdom.com/scripts
doing parameter read only = No
pm_process() returned Yes
ldb_wrap open of idmap.ldb
lp_load_ex: refreshing parameters
Processing section "[global]"
doing parameter dns forwarder = 192.168.100.1
doing parameter netbios name = DC3
doing parameter realm = DOMAIN.SAMDOM.COM
doing parameter server role = active directory domain controller
doing parameter workgroup = DOMAIN
doing parameter idmap_ldb:use rfc2307 = yes
doing parameter log level = 4
Processing section "[sysvol]"
doing parameter path = /usr/local/samba/var/locks/sysvol
doing parameter read only = No
Processing section "[netlogon]"
doing parameter path = /usr/local/samba/var/locks/sysvol/domain.samdom.com/scripts
doing parameter read only = No
pm_process() returned Yes
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
load_module_absolute_path: Module '/usr/local/samba/lib/vfs/acl_xattr.so' loaded
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service Unknown Service (snum == -1)
vfs_ChDir to /root
vfs_ChDir to /usr/local/samba/var/locks/sysvol
vfs_ChDir to /root
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service Unknown Service (snum == -1)
lp_load_ex: refreshing parameters
Processing section "[global]"
doing parameter dns forwarder = 192.168.100.1
doing parameter netbios name = DC3
doing parameter realm = DOMAIN.SAMDOM.COM
doing parameter server role = active directory domain controller
doing parameter workgroup = DOMAIN
doing parameter idmap_ldb:use rfc2307 = yes
doing parameter log level = 4
Processing section "[sysvol]"
doing parameter path = /usr/local/samba/var/locks/sysvol
doing parameter read only = No
Processing section "[netlogon]"
doing parameter path = /usr/local/samba/var/locks/sysvol/domain.samdom.com/scripts
doing parameter read only = No
pm_process() returned Yes
ldb_wrap open of idmap.ldb
ldb_wrap open of idmap.ldb
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
unpack_nt_owners: owner sid mapped to uid 0
unpack_nt_owners: group sid mapped to gid 3000000
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
unpack_nt_owners: owner sid mapped to uid 0
unpack_nt_owners: group sid mapped to gid 3000000
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
unpack_nt_owners: owner sid mapped to uid 0
unpack_nt_owners: group sid mapped to gid 3000000
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
set_nt_acl_conn: init_files_struct failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
ERROR(runtime): uncaught exception - (3221225524, 'The object name is not found.')
  File "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/__init__.py", line 186, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/ntacl.py", line 415, in run
    lp, use_ntvfs=use_ntvfs)
  File "/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py", line 1754, in setsysvolacl
    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
  File "/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py", line 1631, in set_gpos_acl
    use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=SYSVOL_SERVICE)
  File "/usr/local/samba/lib64/python3.6/site-packages/samba/ntacls.py", line 230, in setntacl
    service=service, session_info=session_info)
[root at dc3 ~]#

From the output above I cannot understand what is wrong. I have tried searching for the error on Google but have found nothing.
I would very much appreciate any help on how to proceed!

Kind regards,
Carl

