13216 – samba-tool ntacl get <item> --as-sddl does not work on member server

Bug 13216 - samba-tool ntacl get <item> --as-sddl does not work on member server

Summary: samba-tool ntacl get <item> --as-sddl does not work on member server

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	File services (show other bugs)
Version:	4.7.4
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Samba QA Contact
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2018-01-12 12:13 UTC by Denis Cardon
Modified:	2021-08-01 12:49 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Denis Cardon 2018-01-12 12:13:51 UTC

samba-tool ntacl  get <item> --as-sddl does work on Domain controllers, but fails on member servers with the following error :

 samba-tool ntacl  get myfoldername --as-sddl
   ERROR: Unable to read domain SID from configuration files

It would be great to be able to set real windows ACL directly from linux command line.

Comment 1 Rowland Penny 2021-01-10 21:38:53 UTC

(In reply to Denis Cardon from comment #0)
Denis, have you tried running the command as root or with sudo ?

Comment 2 Rowland Penny 2021-08-01 12:49:54 UTC

Closing this as it works for myself with sudo:

rowland@devstation:~$ sudo samba-tool ntacl get /srv/samba --as-sddl
O:S-1-22-1-0G:S-1-22-2-0D:(A;;0x001f01ff;;;S-1-22-1-0)(A;;0x001200a9;;;S-1-22-2-0)(A;;0x001200a9;;;WD)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;0x001200a9;;;CG)(A;OICIIO;0x001200a9;;;WD)

'devstation' is a Unix domain member.