Bug 9524 - samba-tool ntacl sysvolcheck crashes on a classicupgrade created domain
Summary: samba-tool ntacl sysvolcheck crashes on a classicupgrade created domain
Status: RESOLVED DUPLICATE of bug 11377
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.0.0
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-12-30 06:45 UTC by Geza Gemes (dead mail address)
Modified: 2021-12-08 01:17 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Geza Gemes (dead mail address) 2012-12-30 06:45:03 UTC
After samba-tool ntacl sysvolreset
samba-tool ntacl sysvolcheck yields:
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /usr/local/samba/var/locks/sysvol/kzsdabas.hu/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9} O:LAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py", line 245, in run
    lp)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1599, in checksysvolacl
    direct_db_access)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1550, in check_gpos_acl
    domainsid, direct_db_access)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1500, in check_dir_acl
    raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, acl)) 
which according to Andrew Bartlett (http://lists.samba.org/archive/samba-technical/2012-December/089643.html) is caused by the inability to map Domain Admins to an uid in a domain create by classicupgrade.
Comment 1 Björn Jacke 2021-12-08 01:17:16 UTC

*** This bug has been marked as a duplicate of bug 11377 ***