Bug 11136 - samba-tool exception Unknown sddl sid code 'Dn' when running --reset-well-known-acls
Summary: samba-tool exception Unknown sddl sid code 'Dn' when running --reset-well-kno...
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Python (show other bugs)
Version: 4.1.17
Hardware: x64 Linux
: P5 normal (vote)
Target Milestone: 4.3
Assignee: Jelmer Vernooij
QA Contact: Samba QA Contact
Depends on:
Reported: 2015-03-05 18:05 UTC by mark.walker (dead mail address)
Modified: 2020-12-30 11:15 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description mark.walker (dead mail address) 2015-03-05 18:05:01 UTC
During migration from early alpha samba installation and running the recommended:
samba-tool db-check --cross-ncs --fix --reset-well-known-acls 

All DB Fixes are successful but when it reach acl resets a fatal exception is thrown:

Checking 1884 objects
Not resetting nTSecurityDescriptor on CN=Builtin,DC=office,DC=example,DC=co,DC=uk

Not resetting nTSecurityDescriptor on CN=LostAndFound,DC=office,DC=example,DC=co,DC=uk

Unknown sddl sid code 'Dn'
ERROR(<type 'exceptions.TypeError'>): uncaught exception - Unable to parse SDDL
  File "/usr/lib/python2.6/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.6/dist-packages/samba/netcmd/dbcheck.py", line 136, in run
    controls=controls, attrs=attrs)
  File "/usr/lib/python2.6/dist-packages/samba/dbchecker.py", line 134, in check_database
    error_count += self.check_object(object.dn, attrs=attrs)
  File "/usr/lib/python2.6/dist-packages/samba/dbchecker.py", line 1202, in check_object
    well_known_sd = self.get_wellknown_sd(dn)
  File "/usr/lib/python2.6/dist-packages/samba/dbchecker.py", line 1080, in get_wellknown_sd
  File "/usr/lib/python2.6/dist-packages/samba/descriptor.py", line 362, in get_dns_domain_microsoft_dns_descriptor
    return sddl2binary(sddl, domain_sid, name_map)
  File "/usr/lib/python2.6/dist-packages/samba/descriptor.py", line 43, in sddl2binary
    sec = security.descriptor.from_sddl(sddl, domain_sid)

Happy to send LDB files to whomever is assigned this bug.
Comment 1 Björn Jacke 2020-12-30 09:00:58 UTC
is this still an issue with 4.13 ?