Bug 10631 - samba-tool gpo aclcheck is broken
Summary: samba-tool gpo aclcheck is broken
Status: RESOLVED WORKSFORME
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Tools (show other bugs)
Version: 4.1.7
Hardware: x64 Linux
: P5 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-05-26 22:41 UTC by Marc Muehlfeld
Modified: 2016-08-26 00:31 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marc Muehlfeld 2014-05-26 22:41:49 UTC
# samba-tool gpo aclcheck 
ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element'
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/gpo.py", line 1150, in run
    ds_sd_ndr = m['nTSecurityDescriptor'][0]


The command always fails.


The same failure was already mentioned in bug report #9922 regarding 4.0.0. As this bug report was in its origin about a different problem, I create a separate bug report for this exception.



Debian also has already a bug report about that:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742182
Comment 1 Thomas Maerz 2014-07-01 00:09:09 UTC
This is also happening on Sernet-Samba 4.1.9:

samba-tool -V
4.1.9-SerNet-RedHat-8.el6
[root@auth1 ad.brewerscience.com]# samba-tool gpo aclcheck
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'sasl-DIGEST-MD5' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element'
  File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python2.6/site-packages/samba/netcmd/gpo.py", line 1150, in run
    ds_sd_ndr = m['nTSecurityDescriptor'][0]

My GPOs are acting funny (working on some computers and not others in the same OU). I am not sure if that is related, but  that is how I encountered this bug.
Comment 2 Marc Muehlfeld 2014-07-01 15:42:39 UTC
I can't confirm any GPO problems. I created today some new and all worked fine and like expected. Also all previous created work. All DCs are 4.1.9.


Only the aclcheck command isn't working.
Comment 3 Marc Muehlfeld 2016-08-26 00:31:03 UTC
I tried 4.5.0rc2: Using this version, the command works and does not fail anymore.