[Samba] GPO incomplete / missing -> samba-tool crash
Kees van Vloten
keesvanvloten at gmail.com
Mon Jan 10 16:53:37 UTC 2022
Hi team,
I am running 4.15.3 (from Louis') on Bullseye.
I have no clue how I got here, but the question is: how to get it fixed?
It looks like there is a policy defined in LDAP that does not exist on
the filesystem, in any case it makes samba-tool crashing:
samba-tool ntacl sysvolcheck
ERROR(<class 'TypeError'>): uncaught exception - (2, 'No such file or
directory')
File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line
186, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python3/dist-packages/samba/netcmd/ntacl.py", line
443, in run
provision.checksysvolacl(samdb, netlogon, sysvol,
File "/usr/lib/python3/dist-packages/samba/provision/__init__.py",
line 1876, in checksysvolacl
check_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp,
File "/usr/lib/python3/dist-packages/samba/provision/__init__.py",
line 1826, in check_gpos_acl
check_dir_acl(policy_path, dsacl2fsacl(acl, domainsid), lp,
File "/usr/lib/python3/dist-packages/samba/provision/__init__.py",
line 1766, in check_dir_acl
fsacl = getntacl(lp, path, session_info,
direct_db_access=direct_db_access, service=SYSVOL_SERVICE)
File "/usr/lib/python3/dist-packages/samba/ntacls.py", line 112, in
getntacl
attribute = samba.xattr_native.wrap_getxattr(file
samba-tool ntacl sysvolreset
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
set_nt_acl_conn: init_files_struct failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
ERROR(runtime): uncaught exception - (3221225524, 'The object name is
not found.')
File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line
186, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python3/dist-packages/samba/netcmd/ntacl.py", line
412, in run
provision.setsysvolacl(samdb, netlogon, sysvol,
File "/usr/lib/python3/dist-packages/samba/provision/__init__.py",
line 1754, in setsysvolacl
set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp,
use_ntvfs, passdb=s4_passdb)
File "/usr/lib/python3/dist-packages/samba/provision/__init__.py",
line 1641, in set_gpos_acl
set_dir_acl(policy_path, dsacl2fsacl(acl, domainsid), lp,
File "/usr/lib/python3/dist-packages/samba/provision/__init__.py",
line 1604, in set_dir_acl
setntacl(lp, path, acl, domsid, session_info, use_ntvfs=use_ntvfs,
skip_invalid_chown=True, passdb=passdb, service=service)
File "/usr/lib/python3/dist-packages/samba/ntacls.py", line 228, in
setntacl
smbd.set_nt_acl(
samba-tool gpo listall
GPO : {6AC1786C-016F-11D2-945F-00C04FB984F9}
display name : Default Domain Controllers Policy
path :
\\samdom.net\sysvol\samdom.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}
dn :
CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=samdom,DC=net
version : 0
flags : NONE
GPO : {75991237-941B-47B9-AF67-853781EA44B3}
ERROR(<class 'KeyError'>): uncaught exception - 'No such element'
File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line
186, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python3/dist-packages/samba/netcmd/gpo.py", line 477,
in run
self.outf.write("display name : %s\n" % m['displayName'][0])
The policy '{75991237-941B-47B9-AF67-853781EA44B3}' is not available on
the filesystem (/var/lib/sysvol/samdom.net/Policies).
When I try to remove it, it tells me:
samba-tool gpo del '{75991237-941B-47B9-AF67-853781EA44B3}'
ERROR: GPO '{75991237-941B-47B9-AF67-853781EA44B3}' does not exist
Strace shows that 'samba-tool ntacl sysvolcheck' also fails on the same
non-existing file:
strace samba-tool ntacl sysvolcheck
<removed lots of output>
getxattr("/var/lib/samba/sysvol/samdom.net/Policies/{75991237-941B-47B9-AF67-853781EA44B3}",
"security.NTACL", NULL, 0) = -1 ENOENT (No such file or directory)
write(2, "ERROR(<class 'TypeError'>): unca"..., 82ERROR(<class
'TypeError'>): uncaught exception - (2, 'No such file or directory')
) = 82
<removed rest of output>
How to fix this issue?
- Kees
More information about the samba
mailing list