Groups | Search | Server Info | Keyboard shortcuts | Login | Register
| From | Edson Tadeu Almeida da Silveira via samba <samba@lists.samba.org> |
|---|---|
| Newsgroups | linux.samba |
| Subject | [Samba] Problem sysvolreset |
| Date | 2017-03-07 16:30 +0100 |
| Message-ID | <tipdL-11m-13@gated-at.bofh.it> (permalink) |
| Organization | linux.* mail to news gateway |
Hi guys!
I´m experiencing a problem with samba 4 policies and acl and i don´t known
how it starded to do.
Some problems like copy Policies, edit them, etc. It seems like
permissions, but i´ve checked the list and can´t find a solution.
Here are some outputs that i hope can help to understand:
# Sysvol permissions:
drwxrwxrwx+ 3 root DOMAIN\domain admins 4096 Mar 7 12:17 sysvol
# samba-tool ntacl sysvolreset -d10
Successfully loaded vfs module [acl_xattr] with the new modules system
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and
'force unknown acl user = true' for service Unknown Service (snum == -1)
vfswrap_fs_capabilities: timestamp resolution of sec available on share
(null), directory /
Segmentation fault (core dumped)
# samba-tool ntacl sysvolcheck -d10
dn: DC=domain,DC=local
objectGUID: 18027d7b-530e-4a6e-8109-722430964df7
objectSid: S-1-5-21-1058002876-845724780-2777320708
fSMORoleOwner: CN=NTDS
Settings,CN=servername,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=domain,DC=local
ldb: ldb_trace_response: DONE
error: 0
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception -
ProvisioningError: DB ACL on sysvol directory
/usr/local/samba/var/locks/sysvol/domain.local
O:LAG:BAD:AI(A;OICIID;0x001f01ff;;;LA)(A;OICIIOID;0x001f01ff;;;CO)(A;ID;0x00100000;;;BA)(A;OICIIOID;0x00100000;;;CG)(A;OICIID;0x001200a9;;;AU)(A;OICIID;0x001f01ff;;;SY)(A;OICIID;0x001200a9;;;SO)(A;OICIID;0x00100000;;;WD)(A;OICIID;0x001f01ff;;;BA)
does not match expected value
O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)
from provision
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py", line
270, in run
lp)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
line 1728, in checksysvolacl
raise ProvisioningError('%s ACL on sysvol directory %s %s does not
match expected value %s from provision' % (acl_type(direct_db_access),
dir_path, fsacl_sddl, SYSVOL_ACL))
# samba-tool gpo aclcheck -U Administrator
Password for [DOMAIN\Administrator]:
ERROR: Invalid GPO ACL
O:LAG:DAD:PAI(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)
on path (cbmerj.local\Policies\{F274A070-5B45-4434-BB7C-75AE1D702A6B}),
should be
O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)
This last error is happening to all my policies. After each police i
repair, another one shows up with problem and i can´t delete all policies
and recreate to test.
Thanks for your help!
--
-------------------------------------------
Edson Tadeu Almeida Silveira
http://sites.google.com/site/edsontadeu/
-------------------------------------------
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Back to linux.samba | Previous | Next — Next in thread | Find similar
[Samba] Problem sysvolreset Edson Tadeu Almeida da Silveira via samba <samba@lists.samba.org> - 2017-03-07 16:30 +0100
Re: [Samba] Problem sysvolreset Rowland Penny via samba <samba@lists.samba.org> - 2017-03-07 17:00 +0100
Re: [Samba] Problem sysvolreset Edson Tadeu Almeida da Silveira via samba <samba@lists.samba.org> - 2017-03-07 17:20 +0100
Re: [Samba] Problem sysvolreset Rowland Penny via samba <samba@lists.samba.org> - 2017-03-07 17:40 +0100
Re: [Samba] Problem sysvolreset Edson Tadeu Almeida da Silveira via samba <samba@lists.samba.org> - 2017-03-07 18:30 +0100
Re: [Samba] Problem sysvolreset Rowland Penny via samba <samba@lists.samba.org> - 2017-03-07 18:40 +0100
Re: [Samba] Problem sysvolreset Edson Tadeu Almeida da Silveira via samba <samba@lists.samba.org> - 2017-03-07 18:50 +0100
Re: [Samba] Problem sysvolreset Kris Lou via samba <samba@lists.samba.org> - 2017-03-07 19:30 +0100
Re: [Samba] Problem sysvolreset Rowland Penny via samba <samba@lists.samba.org> - 2017-03-07 20:00 +0100
Re: [Samba] Problem sysvolreset Rowland Penny via samba <samba@lists.samba.org> - 2017-03-07 21:30 +0100
Re: [Samba] Problem sysvolreset Björn JACKE via samba <samba@lists.samba.org> - 2017-03-20 15:30 +0100
Re: [Samba] Problem sysvolreset Rowland Penny via samba <samba@lists.samba.org> - 2017-03-20 15:50 +0100
Re: [Samba] Problem sysvolreset "L.P.H. van Belle via samba" <samba@lists.samba.org> - 2017-03-20 16:40 +0100
Re: [Samba] Problem sysvolreset Rowland Penny via samba <samba@lists.samba.org> - 2017-03-20 17:30 +0100
Re: [Samba] Problem sysvolreset Rowland Penny via samba <samba@lists.samba.org> - 2017-03-21 16:50 +0100
Re: [Samba] Problem sysvolreset "L.P.H. van Belle via samba" <samba@lists.samba.org> - 2017-03-21 17:20 +0100
Re: [Samba] Problem sysvolreset Rowland Penny via samba <samba@lists.samba.org> - 2017-03-21 17:40 +0100
csiph-web