Univention Bugzilla – Attachment 10103 Details for
Bug 49293
sysvolcheck ProvisioningError after modifying / creating GPOs in UCS@school 4.3
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
log-samba-level10-ABAEADCF-E88C-4C9D-B449-B196350A4E0C.txt
log-samba-level10-ABAEADCF-E88C-4C9D-B449-B196350A4E0C.txt (text/plain), 7.54 KB, created by
Arvid Requate
on 2019-07-04 13:07:56 CEST
(
hide
)
Description:
log-samba-level10-ABAEADCF-E88C-4C9D-B449-B196350A4E0C.txt
Filename:
MIME Type:
Creator:
Arvid Requate
Created:
2019-07-04 13:07:56 CEST
Size:
7.54 KB
patch
obsolete
>Am frisch gejointen Windows 7 Client GPMC geöffent, neue leere GPO angelegt. >Dann samba/debug/level=10 gesetzt, samba neu gestartet und in der GPMC einen >Benutzer "user1" an in die Liste lesebechtigten Konten hinzugefügt. > >In log.samba sieht man, dass der Client "1: SEC_DESC_DACL_AUTO_INHERIT_REQ" in >Samba/AD schreibt, was in SDDL dem DACL-Flag "AR" entspricht. > >In log.smbd sieht man aber, dass der Client "0: SEC_DESC_DACL_AUTO_INHERIT_REQ" >in die NTACL schreibt. > >Teile von log.samba: >============================================================================== >+[2019/06/26 18:50:01.099733, 10, pid=12533, effective(0, 0), real(0, 0), class=ldb] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug) >+ ldb: start ldb transaction success >+[2019/06/26 18:50:01.099939, 10, pid=12533, effective(0, 0), real(0, 0), class=ldb] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug) >+ ldb: ldb_trace_request: MODIFY >+ dn: cn={ABAEADCF-E88C-4C9D-B449-B196350A4E0C},cn=policies,cn=system,DC=ar41i1,DC=qa >+ changetype: modify >+ replace: nTSecurityDescriptor >+ nTSecurityDescriptor: D:PAR(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCCDCL >+ CLORCWOWDSDDTSW;;;EA)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPWPCCDCLCLORC >+ WOWDSDDTSW;;;DA)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(A;CI >+ ;RPLCLORC;;;ED)(A;CI;RPLCRC;;;S-1-5-21-2660895256-1678062113-3852026326-1115) >+ (OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(OA;CI;CR;edacfd8f-ffb3-11 >+ d1-b41d-00a0c968f939;;S-1-5-21-2660895256-1678062113-3852026326-1115) >+ - >+ >+ >+ control: 1.2.840.113556.1.4.801 crit:1 data:yes >+ control: 1.3.6.1.4.1.7165.4.3.17 crit:0 data:no >+ >+[2019/06/26 18:50:01.100026, 10, pid=12533, effective(0, 0), real(0, 0), class=ldb] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug) > >[...] > >+[2019/06/26 18:50:01.120898, 10, pid=12533, effective(0, 0), real(0, 0)] ../../source4/dsdb/samdb/ldb_modules/descriptor.c:419(get_new_descriptor) >+ Object cn={ABAEADCF-E88C-4C9D-B449-B196350A4E0C},cn=policies,cn=system,DC=ar41i1,DC=qa created with descriptor O:DAG:DAD:PAR(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;EA)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(A;CI;RPLCLORC;;;ED)(A;CI;RPLCRC;;;S-1-5-21-2660895256-1678062113-3852026326-1115)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;S-1-5-21-2660895256-1678062113-3852026326-1115)S:AI(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) > >[...] > >+[2019/06/26 18:50:01.142917, 5, pid=12533, effective(0, 0), real(0, 0)] ../../lib/audit_logging/audit_logging.c:95(audit_log_human_text) >+ DSDB Change [Modify] at [Wed, 26 Jun 2019 18:50:01.142888 CEST] status [Success] remote host [ipv4:10.200.8.230:59997] SID [S-1-5-21-2660895256-1678062113-3852026326-500] DN [cn={ABAEADCF-E88C-4C9D-B449-B196350A4E0C},cn=policies,cn=system,DC=ar41i1,DC=qa] attributes [replace: nTSecurityDescriptor {AQAXmRQAAAAwAAAATAAAAMQAAAABBQAAAAAABRUAAAAYCpqeITIFZNZBmeUAAgAAAQUAAAAAAAUVAAAAGAqaniEyBWTWQZnlAAIAAAQAeAACAAAAB1o4ACAAAAADAAAAvjsO8/Cf0RG2AwAA+ANnwaV6lr/mDdARooUAqgAwSeIBAQAAAAAAAQAAAAAHWjgAIAAAAAMAAAC/Ow7z8J/REbYDAAD4A2fBpXqWv+YN0BGihQCqADBJ4gEBAAAAAAABAAAAAAQASAEKAAAAAAIkAP8ADwABBQAAAAAABRUAAAAYCpqeITIFZNZBmeUAAgAAAAIkAP8ADwABBQAAAAAABRUAAAAYCpqeITIFZNZBmeUHAgAAAAoUAP8ADwABAQAAAAAAAwAAAAAAACQA/wAPAAEFAAAAAAAFFQAAABgKmp4hMgVk1kGZ5QACAAAAAhQA/wAPAAEBAAAAAAAFEgAAAAACFACUAAIAAQEAAAAAAAULAAAAAAIUAJQAAgABAQAAAAAABQkAAAAAAiQAFAACAAEFAAAAAAAFFQAAABgKmp4hMgVk1kGZ5VsEAAAFAigAAAEAAAEAAACP/azts//REbQdAKDJaPk5AQEAAAAAAAULAAAABQI4AAABAAABAAAAj/2s7bP/0RG0HQCgyWj5OQEFAAAAAAAFFQAAABgKmp4hMgVk1kGZ5VsEAAA=}] >+ {"timestamp": "2019-06-26T18:50:01.143005+0200", "type": "dsdbChange", "dsdbChange": {"version": {"major": 1, "minor": 0}, "statusCode": 0, "status": "Success", "operation": "Modify", "remoteAddress": "ipv4:10.200.8.230:59997", "performedAsSystem": false, "userSid": "S-1-5-21-2660895256-1678062113-3852026326-500", "dn": "cn={ABAEADCF-E88C-4C9D-B449-B196350A4E0C},cn=policies,cn=system,DC=ar41i1,DC=qa", "transactionId": "edf07c2d-4807-457c-9710-7676644920be", "sessionId": "7ed143bd-5b5c-4eab-88e7-448f1f09cde6", "attributes": {"nTSecurityDescriptor": {"actions": [{"action": "replace", "values": [{"base64": true, "value": "AQAXmRQAAAAwAAAATAAAAMQAAAABBQAAAAAABRUAAAAYCpqeITIFZNZBmeUAAgAAAQUAAAAAAAUVAAAAGAqaniEyBWTWQZnlAAIAAAQAeAACAAAAB1o4ACAAAAADAAAAvjsO8/Cf0RG2AwAA+ANnwaV6lr/mDdARooUAqgAwSeIBAQAAAAAAAQAAAAAHWjgAIAAAAAMAAAC/Ow7z8J/REbYDAAD4A2fBpXqWv+YN0BGihQCqADBJ4gEBAAAAAAABAAAAAAQASAEKAAAAAAIkAP8ADwABBQAAAAAABRUAAAAYCpqeITIFZNZBmeUAAgAAAAIkAP8ADwABBQAAAAAABRUAAAAYCpqeITIFZNZBmeUHAgAAAAoUAP8ADwABAQAAAAAAAwAAAA +> >+ AAACQA/wAPAAEFAAAAAAAFFQAAABgKmp4hMgVk1kGZ5QACAAAAAhQA/wAPAAEBAAAAAAAFEgAAAAACFACUAAIAAQEAAAAAAAULAAAAAAIUAJQAAgABAQAAAAAABQkAAAAAAiQAFAACAAEFAAAAAAAFFQAAABgKmp4hMgVk1kGZ5VsEAAAFAigAAAEAAAEAAACP/azts//REbQdAKDJaPk5AQEAAAAAAAULAAAABQI4AAABAAABAAAAj/2s7bP/0RG0HQCgyWj5OQEFAAAAAAAFFQAAABgKmp4hMgVk1kGZ5VsEAAA="}]}]}}}} >============================================================================== > >Teile von log.smbd: >============================================================================== >+[2019/06/26 18:50:04.558115, 10, pid=12534, effective(0, 5000), real(0, 0)] ../../source3/smbd/nttrans.c:956(set_sd) >+ set_sd for file ar41i1.qa/Policies/{ABAEADCF-E88C-4C9D-B449-B196350A4E0C}/User >-- >+[2019/06/26 18:50:04.607911, 10, pid=12534, effective(0, 5000), real(0, 0)] ../../source3/smbd/nttrans.c:956(set_sd) >+ set_sd for file ar41i1.qa/Policies/{ABAEADCF-E88C-4C9D-B449-B196350A4E0C}/GPT.INI >-- >+[2019/06/26 18:50:04.664002, 10, pid=12534, effective(0, 5000), real(0, 0)] ../../source3/smbd/nttrans.c:956(set_sd) >+ set_sd for file ar41i1.qa/Policies/{ABAEADCF-E88C-4C9D-B449-B196350A4E0C}/Machine >-- >+[2019/06/26 18:50:04.696057, 10, pid=12534, effective(0, 5000), real(0, 0)] ../../source3/smbd/nttrans.c:956(set_sd) >+ set_sd for file ar41i1.qa/Policies/{ABAEADCF-E88C-4C9D-B449-B196350A4E0C} >+[2019/06/26 18:50:04.696078, 1, pid=12534, effective(0, 5000), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:422(ndr_print_debug) >+ psd: struct security_descriptor >+ revision : SECURITY_DESCRIPTOR_REVISION_1 (1) >+ type : 0x9c04 (39940) >+ 0: SEC_DESC_OWNER_DEFAULTED >+ 0: SEC_DESC_GROUP_DEFAULTED >+ 1: SEC_DESC_DACL_PRESENT >+ 0: SEC_DESC_DACL_DEFAULTED >+ 0: SEC_DESC_SACL_PRESENT >+ 0: SEC_DESC_SACL_DEFAULTED >+ 0: SEC_DESC_DACL_TRUSTED >+ 0: SEC_DESC_SERVER_SECURITY >+ 0: SEC_DESC_DACL_AUTO_INHERIT_REQ >+ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ >+ 1: SEC_DESC_DACL_AUTO_INHERITED >+ 1: SEC_DESC_SACL_AUTO_INHERITED >+ 1: SEC_DESC_DACL_PROTECTED >+ 0: SEC_DESC_SACL_PROTECTED >+ 0: SEC_DESC_RM_CONTROL_VALID >+ 1: SEC_DESC_SELF_RELATIVE >+ owner_sid : * >+ owner_sid : S-1-5-21-2660895256-1678062113-3852026326-512 >+ group_sid : * >+ group_sid : S-1-5-21-2660895256-1678062113-3852026326-512 >+ sacl : NULL >+ dacl : * >+ dacl: struct security_acl >[...] >==============================================================================
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=10103">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 49293
:
9972
| 10103 |
10145