[Samba] Upgrade to 4.20: Not resetting nTSecurityDescriptor

Ingo Asche foren at asche-rz.de
Mon Apr 15 07:49:29 UTC 2024 

Hi Daniel,

I'm in the opinion it has to be "dbcheck --cross-cns --fix"

Because only with --cross-ncs this errors will be found. So try that...

Regards
Ingo
https://github.com/WAdama

Daniel Müller via samba schrieb am 15.04.2024 um 09:44:
> root at dom2:~# samba-tool dbcheck --fix --yes
> Checking 705 objects
> Checked 705 objects (0 errors)
> root at dom2:~# samba-tool dbcheck --cross-ncs
> Checking 4506 objects
> Not resetting nTSecurityDescriptor on CN=Deleted Objects,CN=Configuration,DC=tlk,DC=loc
>
> Not resetting nTSecurityDescriptor on CN=Deleted Objects,DC=DomainDnsZones,DC=tlk,DC=loc
>
> Not resetting nTSecurityDescriptor on CN=Deleted Objects,DC=ForestDnsZones,DC=tlk,DC=loc
>
> Checked 4506 objects (3 errors)
> Please use 'samba-tool dbcheck --fix' to fix 3 errors
>
> -----Ursprüngliche Nachricht-----
> Von: Rowland Penny via samba [mailto:samba at lists.samba.org]
> Gesendet: Montag, 15. April 2024 09:28
> An: samba at lists.samba.org
> Cc: Rowland Penny <rpenny at samba.org>
> Betreff: Re: [Samba] Upgrade to 4.20: Not resetting nTSecurityDescriptor
>
> On Mon, 15 Apr 2024 07:53:16 +0200
> Daniel Müller via samba <samba at lists.samba.org> wrote:
>
>> I did it:
>> root at dom2:~# samba-tool dbcheck --fix
>> Checking 705 objects
>> Reset nTSecurityDescriptor on CN=Deleted Objects,DC=tlk,DC=loc back
>> to provision                                   default? Owner
>> mismatch: SY (in ref) DA(in current) Group mismatch: SY (in ref) DA(in
>> current) Part dacl is different between reference and current here is
>> the detail: (A;;LCRPLORC;;;AU) ACE is not present in the reference
>> (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA) ACE is not present in
>> the r                                  eference
>> (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) ACE is not present in the r
>>                              eference (A;;CCDCLCSWRPWPSDRCWDWO;;;SY)
>> ACE is not present in the current (A;;LCRP;;;BA) ACE is not present in
>> the current [y/N/all/none] y Fixed attribute 'nTSecurityDescriptor' of
>> 'CN=Deleted Objects,DC=tlk,DC=loc'
>>
>> Checked 705 objects (1 errors)
>>
>>
>>
>> root at dom2:~# samba-tool dbcheck --cross-ncs Checking 4506 objects Not
>> resetting nTSecurityDescriptor on CN=Deleted
>> Objects,CN=Configuration,DC=tlk,DC=loc
>>
>> Not resetting nTSecurityDescriptor on CN=Deleted
>> Objects,DC=DomainDnsZones,DC=tlk,DC=loc
>>
>> Not resetting nTSecurityDescriptor on CN=Deleted
>> Objects,DC=ForestDnsZones,DC=tlk,DC=loc
>>
>> Checked 4506 objects (3 errors)
>> Please use 'samba-tool dbcheck --fix' to fix 3 errors root at dom2:~#
>> samba-tool dbcheck --fix Checking 705 objects Checked 705 objects (0
>> errors)
>>
>> But the next "samba-tool dbcheck --cross-ncs" shows the same three
>> errors again!?
>>
> Try it like this:
>
> samba-tool dbcheck --fix --yes
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list