Hi, With samba 4.8.2 (debian unstable) samba-tool gpo aclcheck always fails with the following error: ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element' File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run return self.run(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/samba/netcmd/gpo.py", line 1150, in run ds_sd_ndr = m['nTSecurityDescriptor'][0] This is reported in debian BTS since 2014, so that's not new https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742182
Dup of bug #11613, please close.
Hello, Are you sure? I was able to reproduce this in 4.8.2, while it seems that bug #11613 was fixed in 4.3-4.4
This is still seen on 4.8.9, i've just update my DC now to 4.9.4 and checked both. Samba 4.8.9 and 4.9.4 still have this bug. And in my optioniont his is not a duplicate, there is some work going on at the moment on GPO and acls.
After this commit (4.11+, I'd guess): https://gitlab.com/samba-team/samba/-/commit/5bfad1b2b08031b99834c9ca39c1900d52c8eb0d the traceback will be gone, and you'll see instead: ERROR: Could not read nTSecurityDescriptor. This requires an Administrator account Now, whether there's an underlying issue (i.e. admin lacks an nTSecurityDescriptor) that this misses, I don't know, due to the lack of information.