Bug 11136 - samba-tool exception Unknown sddl sid code 'Dn' when running --reset-well-known-acls
samba-tool exception Unknown sddl sid code 'Dn' when running --reset-well-kno...
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Python
4.1.17
x64 Linux
: P5 normal
: 4.3
Assigned To: Jelmer Vernooij
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-03-05 18:05 UTC by mark.walker
Modified: 2015-03-13 10:28 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description mark.walker 2015-03-05 18:05:01 UTC
During migration from early alpha samba installation and running the recommended:
samba-tool db-check --cross-ncs --fix --reset-well-known-acls 

All DB Fixes are successful but when it reach acl resets a fatal exception is thrown:

Checking 1884 objects
Not resetting nTSecurityDescriptor on CN=Builtin,DC=office,DC=example,DC=co,DC=uk

Not resetting nTSecurityDescriptor on CN=LostAndFound,DC=office,DC=example,DC=co,DC=uk

Unknown sddl sid code 'Dn'
Badly formatted SDDL 'AI(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCRCCDCLCRCWOWDSDDTSW;;;DnsAdmins)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPWPCRCCDCLCRCWOWDSDDTSW;;;ED)'
ERROR(<type 'exceptions.TypeError'>): uncaught exception - Unable to parse SDDL
  File "/usr/lib/python2.6/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.6/dist-packages/samba/netcmd/dbcheck.py", line 136, in run
    controls=controls, attrs=attrs)
  File "/usr/lib/python2.6/dist-packages/samba/dbchecker.py", line 134, in check_database
    error_count += self.check_object(object.dn, attrs=attrs)
  File "/usr/lib/python2.6/dist-packages/samba/dbchecker.py", line 1202, in check_object
    well_known_sd = self.get_wellknown_sd(dn)
  File "/usr/lib/python2.6/dist-packages/samba/dbchecker.py", line 1080, in get_wellknown_sd
    name_map=self.name_map))
  File "/usr/lib/python2.6/dist-packages/samba/descriptor.py", line 362, in get_dns_domain_microsoft_dns_descriptor
    return sddl2binary(sddl, domain_sid, name_map)
  File "/usr/lib/python2.6/dist-packages/samba/descriptor.py", line 43, in sddl2binary
    sec = security.descriptor.from_sddl(sddl, domain_sid)

Happy to send LDB files to whomever is assigned this bug.