[Samba] Samba-tool Error creating new GPO
David Mulder
dmulder at samba.org
Thu Jan 12 19:35:55 UTC 2023
There's a bug open against opensuse of an error occurring when creating
a gpo via samba-tool. This only happens against a Samba addc (not
Windows), and I can't reproduce it in the samba test environment
(against master for 4.17.4). The original bug is here:
https://bugzilla.opensuse.org/show_bug.cgi?id=1206475
> samba-tool gpo create "Global Message2" -U Administrator
Password for [DMTEST\Administrator]:
Using temporary directory /tmp/tmp058835xo (use --tmpdir to change)
ERROR(runtime): uncaught exception - (3221225506, '{Access Denied} A
process has requested access to an object but has not been granted those
access rights.')
File "/usr/lib64/python3.10/site-packages/samba/netcmd/__init__.py",
line 185, in _run
return self.run(*args, **kwargs)
File "/usr/lib64/python3.10/site-packages/samba/netcmd/gpo.py", line
1279, in run
conn.set_acl(sharepath, fs_sd, sio)
File
"/usr/lib64/python3.10/site-packages/samba/samba3/libsmb_samba_internal.py",
line 128, in set_acl
self.set_sd(fnum, sd, sinfo)
I'm thinking it's a configuration issue, but I'm not sure what. I
tinkered with the call to set_acl in python/samba/netcmd/gpo.py, and
found if I remove the SECINFO_OWNER from the sinfo then the command
succeeds.
If I disable that set_acl call, then I can successfully create the GPO.
`samba-tool ntacl sysvolcheck` fails when I do this, but after a
`samba-tool ntacl sysvolreset` all is well.
Anyone have any ideas here?
--
David Mulder
Labs Software Engineer, Samba
SUSE
1221 S Valley Grove Way, Suite 500
Pleasant Grove, UT 84062
(P)+1 385.208.2989
dmulder at suse.com
http://www.suse.com
More information about the samba
mailing list