Due to an error elsewhere (one of my scripts) the directory /var/lib/samba/sysvol/samdom.com/Policies was removed. Then (without being aware of that issue) I ran samba-tool ntacl sysvolcheck (and also tried sysvolreset). Both crash hard:

root@server:/var/lib/samba/sysvol# samba-tool ntacl sysvolreset
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
set_nt_acl_conn: init_files_struct failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
ERROR(runtime): uncaught exception - (3221225524, 'The object name is not found.')
  File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/samba/netcmd/ntacl.py", line 412, in run
    provision.setsysvolacl(samdb, netlogon, sysvol,
  File "/usr/lib/python3/dist-packages/samba/provision/__init__.py", line 1754, in setsysvolacl
    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
  File "/usr/lib/python3/dist-packages/samba/provision/__init__.py", line 1630, in set_gpos_acl
    setntacl(lp, root_policy_path, POLICIES_ACL, str(domainsid), session_info,
  File "/usr/lib/python3/dist-packages/samba/ntacls.py", line 228, in setntacl
    smbd.set_nt_acl(

root@sserver:/var/lib/samba/sysvol# samba-tool ntacl sysvolcheck
ERROR(<class 'TypeError'>): uncaught exception - (2, 'No such file or directory')
  File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/samba/netcmd/ntacl.py", line 443, in run
    provision.checksysvolacl(samdb, netlogon, sysvol,
  File "/usr/lib/python3/dist-packages/samba/provision/__init__.py", line 1876, in checksysvolacl
    check_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp,
  File "/usr/lib/python3/dist-packages/samba/provision/__init__.py", line 1811, in check_gpos_acl
    fsacl = getntacl(lp, root_policy_path, session_info,
  File "/usr/lib/python3/dist-packages/samba/ntacls.py", line 112, in getntacl
    attribute = samba.xattr_native.wrap_getxattr(file,

Since the errors are not very clear on what it is missing, I used strace to find the culprit, an excerpt of the output:

getxattr("/var/lib/samba/sysvol/samdom.com", "security.NTACL", NULL, 0) = 320
getxattr("/var/lib/samba/sysvol/samdom.com", "security.NTACL", "\4\0\4\0\0\0\2\0\4\0\2\0\1\0002\301T\16\323Xi\312\203H\326\227\201\300n\0310\237"..., 320) = 320
getxattr("/var/lib/samba/sysvol/samdom.com/scripts", "security.NTACL", NULL, 0) = 320
getxattr("/var/lib/samba/sysvol/samdom.com/scripts", "security.NTACL", "\4\0\4\0\0\0\2\0\4\0\2\0\1\0002\301T\16\323Xi\312\203H\326\227\201\300n\0310\237"..., 320) = 320
getxattr("/var/lib/samba/sysvol/samdom.com/Policies", "security.NTACL", NULL, 0) = -1 ENOENT (No such file or directory)
write(2, "ERROR(<class 'TypeError'>): unca"..., 82ERROR(<class 'TypeError'>): uncaught exception - (2, 'No such file or directory')
) = 82
stat("/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", {st_mode=S_IFREG|0644, st_size=9885, ...}) = 0
openat(AT_FDCWD, "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", O_RDONLY|O_CLOEXEC) = 14
fstat(14, {st_mode=S_IFREG|0644, st_size=9885, ...}) = 0
ioctl(14, TCGETS, 0x7fff9ce59290) = -1 ENOTTY (Inappropriate ioctl for device)
lseek(14, 0, SEEK_CUR) = 0
read(14, "# Unix SMB/CIFS implementation.\n"..., 4096) = 4096
read(14, "ROR: %s\\n\" % (message))\n "..., 8192) = 5789
read(14, "", 8192) = 0
close(14) = 0

Would it be feasible to catch the error and produce an error message in this situation?

- Kees
Created attachment 17467
patch for better exceptions/messages

Kees, are you able to test this patch?
I will give it a try, just give me a few days :-) Will the patch apply to 4.16.2 installed from Louis' repo?
(In reply to keesvanvloten from comment #2)
> Will the patch apply to 4.16.2 installed from Louis' repo?

Yes, or at least it applies to the 4.16 upstream branch.
Hi Douglas,

Now that I am checking I noticed you are not only patching samba-tool / python but also C code. I am not compiling Samba myself so there is no easy way for me to test that part of the patch. I did apply the Python patch.

Test scenario:

1. samba --version

Output:
--------------
Version 4.16.2-Debian
--------------

2. mv /var/lib/samba/sysvol/samdom.com/Policies /var/lib/samba

3. Run "samba-tool ntacl sysvolreset" WITHOUT the patch

Output:
--------------
set_nt_acl_conn: init_files_struct failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
ERROR(runtime): uncaught exception - (3221225524, 'The object name is not found.')
  File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/samba/netcmd/ntacl.py", line 412, in run
    provision.setsysvolacl(samdb, netlogon, sysvol,
  File "/usr/lib/python3/dist-packages/samba/provision/__init__.py", line 1754, in setsysvolacl
    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
  File "/usr/lib/python3/dist-packages/samba/provision/__init__.py", line 1630, in set_gpos_acl
    setntacl(lp, root_policy_path, POLICIES_ACL, str(domainsid), session_info,
  File "/usr/lib/python3/dist-packages/samba/ntacls.py", line 228, in setntacl
    smbd.set_nt_acl(
--------------

Unfortunately this is different than it was in the initial bug report at 2021-12-23.

4. Apply patch to "/usr/lib/python3/dist-packages/samba/netcmd/ntacl.py"

5. Run "samba-tool ntacl sysvolreset" WITH the patch

Output:
--------------
set_nt_acl_conn: init_files_struct failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
ERROR(runtime): uncaught exception - (3221225524, 'The object name is not found.')
  File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/samba/netcmd/ntacl.py", line 413, in run
    provision.setsysvolacl(samdb, netlogon, sysvol,
  File "/usr/lib/python3/dist-packages/samba/provision/__init__.py", line 1754, in setsysvolacl
    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
  File "/usr/lib/python3/dist-packages/samba/provision/__init__.py", line 1630, in set_gpos_acl
    setntacl(lp, root_policy_path, POLICIES_ACL, str(domainsid), session_info,
  File "/usr/lib/python3/dist-packages/samba/ntacls.py", line 228, in setntacl
    smbd.set_nt_acl(
--------------

This returns exactly the same output as without the patch.

I tried to move the whole "/var/lib/samba/sysvol/samdom.com" out of the way and even then I get the same output.

It looks like the newer samba version (4.16.2) behaves differently, but it still does not produce sensible output to see that it is missing the Policies directory.

But then again, perhaps the results WITH patch would be different if I would have applied the C code patch to "source4/ntvfs/posix/python/pyxattr_native.c" and recompiled Samba. So perhaps the test was not representative...

Anyway the tests that I ran, neither reproduced the original message, nor did it return a sensible error, nor did it fix the issue (with patched python only) :-(
(In reply to keesvanvloten from comment #4)

Yes, it will need both parts. I'll look at adding an automated test.
(In reply to Douglas Bagnall from comment #5)
> I'll look at adding an automated test.

as of course I should have from the start.

That patch is insufficient, so don't worry about compiling it. There'll be a better one in master soon.

The result will be a message like this:

ERROR(<class 'FileNotFoundError'>): Could not access file - [Errno 2] No such file or directory: '[ ... ]/sysvol/addom.samba.example.com/Policies' use -d3 for more details

which, while not beautiful, does indicate where the problem lies.
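
Added example (not part of the thread and not Samba's own code): a stand-alone pre-flight check that walks the three directories seen in the strace excerpt and names the one that is missing or lacks the security.NTACL xattr, before sysvolcheck or sysvolreset is run. The function name and the read_xattr parameter are hypothetical; the sample tree is constructed.

```python
import errno
import os
import tempfile

NTACL_XATTR = "security.NTACL"  # attribute name seen in the strace excerpt


def check_sysvol_layout(sysvol, dnsdomain, read_xattr=None):
    """Return a list of (path, problem) for the sysvol directories.

    read_xattr is a hypothetical injection point (defaults to os.getxattr)
    so the check can be exercised without root or xattr support.
    """
    read_xattr = read_xattr or os.getxattr
    root = os.path.join(sysvol, dnsdomain)
    problems = []
    for path in (root, os.path.join(root, "scripts"),
                 os.path.join(root, "Policies")):
        if not os.path.isdir(path):
            # The case from the report: say which path is absent.
            problems.append((path, "missing directory"))
            continue
        try:
            read_xattr(path, NTACL_XATTR)
        except OSError as e:
            if e.errno in (errno.ENODATA, errno.ENOTSUP):
                problems.append((path, "no %s xattr" % NTACL_XATTR))
            else:
                problems.append((path, "cannot read xattr: %s" % e.strerror))
    return problems


def demo():
    """Constructed sample tree reproducing the report: Policies is absent."""
    def fake_xattr(path, name):
        return b"\x04\x00\x04\x00"  # constructed stand-in for an NTACL blob

    with tempfile.TemporaryDirectory() as sysvol:
        os.makedirs(os.path.join(sysvol, "samdom.com", "scripts"))
        found = check_sysvol_layout(sysvol, "samdom.com", read_xattr=fake_xattr)
        return [(os.path.relpath(p, sysvol), why) for p, why in found]


if __name__ == "__main__":
    for path, why in demo():
        print("%s: %s" % (path, why))
```

On a real domain controller, call check_sysvol_layout("/var/lib/samba/sysvol", "samdom.com") as root so the default os.getxattr can read the security namespace.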
https://gitlab.com/samba-team/samba/-/merge_requests/2710
This bug was referenced in samba master:

dfc92d2922fb773a3e5246d91631417a9de4adaf
a5eeed52efa3656fc44ec44874f72790e82c9d91
1b4938c3b1afc8600d693ef92b6944b18e449415
dc9f29e5c35982e7ce2cb5135ce906e9960579af
5a4b050ff7b790f892c4f0edb9ecd9745184e0f4