Bug 12730 - 4.6.x issue with using acl's on FreeBSD
Summary: 4.6.x issue with using acl's on FreeBSD
Status: RESOLVED DUPLICATE of bug 12912
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.6.2
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
Depends on:
Reported: 2017-04-04 13:49 UTC by Dron
Modified: 2017-07-26 19:41 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Dron 2017-04-04 13:49:39 UTC
FreeBSD 11.0 p8 x64
Samba 4.6.2 from ports

I have problem with domain provisioning related to acl using.
While trying test provisioning of new domain (samba-tool domain provision --use-rfc2307 --interactive) get next error:

Setting up sam.ldb users and groups
Setting up self join
set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_PARAMETER.
ERROR(runtime): uncaught exception - (-1073741811, 'Unexpected information received')
  File "/usr/local/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/samba/netcmd/domain.py", line 471, in run
    nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
  File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 2175, in provision
  File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 1806, in provision_fill
    names.domaindn, lp, use_ntvfs)
  File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 1593, in setsysvolacl
  File "/usr/local/lib/python2.7/site-packages/samba/ntacls.py", line 162, in setntacl
    smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)

This issue is absent at 4.5.6, 4.5.7, 4.5.8. Also in maillist there is note about this problem in Samba 4.6.0 rc4 - https://www.spinics.net/lists/samba/msg141182.html
Comment 1 Dewayne 2017-07-26 09:03:34 UTC
The patch at 
may help.  Its built on the work of others on the samba lists.  A workaround until...
Comment 2 Andrew Bartlett 2017-07-26 19:41:13 UTC
Thanks for reporting this issues.  This is a duplicate, so I'm closing it do ensure we handle this in just one place.

Sadly it is also a difficult issue to sort out.

*** This bug has been marked as a duplicate of bug 12912 ***