[Samba] samba-tool ntacl sysvolcheck: LAG vs DAG?
Michael Tokarev
mjt at tls.msk.ru
Wed Jun 25 09:45:15 UTC 2025
Hi!
Currently, `samba-tool ntacl sysvolcheck' throws the following error
to me:
# samba-tool ntacl sysvolcheck
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception -
ProvisioningError: DB ACL on GPO directory
/var/lib/samba/sysvol/tls.msk.ru/Policies/{3E5BB783-D38A-49A2-9453-356FE7E71985}
O:LAG:DAD:P(A;OICI;FA;;;DA)(A;OICI;FA;;;EA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;DA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;AU)(OA;OICI;;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;OICI;0x1200a9;;;ED)
does not match expected value
O:DAG:DAD:P(A;OICI;FA;;;DA)(A;OICI;FA;;;EA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;DA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;AU)(OA;OICI;;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;OICI;0x1200a9;;;ED)
from GPO object
File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line
356, in _run
The actual difference is the second entry, which is LAG (actual)
vs DAG (expected).
`samba-tool ntacl sysvolreset` does not report any changes.
What *is* this DAG/LAG thing, how to fix this error (so maybe
to proceed to other errors, at least), and does it actually
matter?
Thanks,
/mjt
More information about the samba
mailing list