Bug 10321 - sysvolcheck uncaught exception
sysvolcheck uncaught exception
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Tools
4.1.3
x64 Linux
: P5 normal
: ---
Assigned To: Andrew Bartlett
Samba QA Contact
:
Depends on:
Blocks: 11924
  Show dependency treegraph
 
Reported: 2013-12-13 10:23 UTC by Marc Muehlfeld
Modified: 2016-08-26 01:08 UTC (History)
2 users (show)

See Also:


Attachments
SysVol share content that causes the exception (zipped incl. xattrs) (1.96 KB, application/x-bzip2)
2013-12-13 10:23 UTC, Marc Muehlfeld
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Marc Muehlfeld 2013-12-13 10:23:37 UTC
Created attachment 9525 [details]
SysVol share content that causes the exception (zipped incl. xattrs)

# samba-tool ntacl sysvolcheck
ERROR(<type 'exceptions.TypeError'>): uncaught exception - (61, 'No data available')
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/ntacl.py", line 249, in run
    lp)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/provision/__init__.py", line 1686, in checksysvolacl
    fsacl = getntacl(lp, dir_path, direct_db_access=direct_db_access, service=SYSVOL_SERVICE)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/ntacls.py", line 73, in getntacl
    xattr.XATTR_NTACL_NAME)



If I run sysvolreset to fix the errors, then the check runs fine.


SysVol share is on XFS.
Comment 1 heupink 2014-08-18 08:15:42 UTC
Seeing a similar error, on sernet 4.1.7 and 4.1.9, on ext4:

root@dc3:~# samba-tool ntacl sysvolcheck
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[netlogon]"
Processing section "[sysvol]"
ERROR(<type 'exceptions.TypeError'>): uncaught exception - (61, 'No data available')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 249, in run
    lp)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1686, in checksysvolacl
    fsacl = getntacl(lp, dir_path, direct_db_access=direct_db_access, service=SYSVOL_SERVICE)
  File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 73, in getntacl
    xattr.XATTR_NTACL_NAME)
root@dc3:~# 

Also here: samba-tool ntacl sysvolreset works, and after that also samba-tool ntacl sysvolcheck reports success.
Comment 2 Marc Muehlfeld 2016-08-26 01:08:25 UTC
Update: Samba 4.5.0rc2 still shows an exception when running the sysvolcheck:


[root@DC1 samba-4.5.0rc2]# samba-tool ntacl sysvolcheck
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /usr/local/samba/var/locks/sysvol/samdom.example.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/ntacl.py", line 270, in run
    lp)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 1723, in checksysvolacl
    direct_db_access)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 1674, in check_gpos_acl
    domainsid, direct_db_access)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 1621, in check_dir_acl
    raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, acl))