[Samba] Upgrade to 4.20: Not resetting nTSecurityDescriptor
Rowland Penny
rpenny at samba.org
Mon Apr 15 07:28:16 UTC 2024
On Mon, 15 Apr 2024 07:53:16 +0200
Daniel Müller via samba <samba at lists.samba.org> wrote:
> I did it:
> root at dom2:~# samba-tool dbcheck --fix
> Checking 705 objects
> Reset nTSecurityDescriptor on CN=Deleted Objects,DC=tlk,DC=loc back
> to provision default? Owner
> mismatch: SY (in ref) DA(in current) Group mismatch: SY (in ref)
> DA(in current) Part dacl is different between reference and current
> here is the detail: (A;;LCRPLORC;;;AU) ACE is not present in the
> reference (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA) ACE is not present in
> the r eference
> (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) ACE is not present in the r
> eference (A;;CCDCLCSWRPWPSDRCWDWO;;;SY)
> ACE is not present in the current (A;;LCRP;;;BA) ACE is not present
> in the current [y/N/all/none] y Fixed attribute
> 'nTSecurityDescriptor' of 'CN=Deleted Objects,DC=tlk,DC=loc'
>
> Checked 705 objects (1 errors)
>
>
>
> root at dom2:~# samba-tool dbcheck --cross-ncs
> Checking 4506 objects
> Not resetting nTSecurityDescriptor on CN=Deleted
> Objects,CN=Configuration,DC=tlk,DC=loc
>
> Not resetting nTSecurityDescriptor on CN=Deleted
> Objects,DC=DomainDnsZones,DC=tlk,DC=loc
>
> Not resetting nTSecurityDescriptor on CN=Deleted
> Objects,DC=ForestDnsZones,DC=tlk,DC=loc
>
> Checked 4506 objects (3 errors)
> Please use 'samba-tool dbcheck --fix' to fix 3 errors
> root at dom2:~# samba-tool dbcheck --fix
> Checking 705 objects
> Checked 705 objects (0 errors)
>
> But the next "samba-tool dbcheck --cross-ncs" shows the same three
> errors again!?
>
Try it like this:
samba-tool dbcheck --fix --yes
Rowland
More information about the samba
mailing list