Bug 30224 – "samba-tool ntacl sysvolreset" failed during update (to 3.1)

Bug 30224 - "samba-tool ntacl sysvolreset" failed during update (to 3.1)


Summary:	"samba-tool ntacl sysvolreset" failed during update (to 3.1)

Status:	RESOLVED DUPLICATE of bug 29753

Product:	UCS
Classification:	Unclassified
Component:	Samba4
Version:	UCS 3.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	Samba maintainers
QA Contact:

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2013-01-31 13:08 CET by Felix Botner
Modified:	2013-11-13 15:54 CET (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Felix Botner

2013-01-31 13:08:52 CET

UCS Master 3.0 (ct edition) with samba4. Then univention-ad-takeover with a windows 2008 AD Server.

During update to 3.1 i got the following error from "samba-tool ntacl sysvolreset" (/usr/lib/univention-install/96univention-samba4.inst):

ERROR(runtime): uncaught exception - (-1073741823, 'Undetermined error')
  File "/usr/lib/python2.6/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.6/dist-packages/samba/netcmd/ntacl.py", line 214, in run
    lp, use_ntvfs=use_ntvfs)
  File "/usr/lib/python2.6/dist-packages/samba/provision/__init__.py", line 1465, in setsysvolacl
    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
  File "/usr/lib/python2.6/dist-packages/samba/provision/__init__.py", line 1401, in set_gpos_acl
    passdb=passdb)
  File "/usr/lib/python2.6/dist-packages/samba/provision/__init__.py", line 1364, in set_dir_acl
    setntacl(lp, path, acl, domsid, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb)
  File "/usr/lib/python2.6/dist-packages/samba/ntacls.py", line 121, in setntacl
    smbd.set_nt_acl(file, security.SECINFO_OWNER |security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd2)

Problem is, that the gpo link in ldap 

# Domain Controllers, w2k8r2.test
dn: ou=Domain Controllers,dc=w2k8r2,dc=test
ou: Domain Controllers
univentionObjectType: container/ou
description: Default container for domain controllers
objectClass: top
objectClass: organizationalUnit
objectClass: univentionObject
objectClass: msGPO
msGPOLink: [LDAP://CN={6AC1786C-016F-11D2-945F-00C04fB984F9},CN=Policies,CN=Sy
 stem,DC=w2k8r2,DC=test;0]

and the one in the filesystem does not match (check ...00C04f vs ..00C4F)

-> ls -la '/var/lib/samba/sysvol/w2k8r2.test/Policies/{6AC1786C-016F-11D2-945F-00C04fB984F9}'
Datei oder Verzeichnis nicht gefunden

-> ls -la '/var/lib/samba/sysvol/w2k8r2.test/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}'
insgesamt 40
drwxrwx---+ 4 Administrator Administrators 4096 30. Jan 11:01 .
drwxrwx---+ 4 Administrator Administrators 4096 30. Jan 11:01 ..
-rwxrwx---+ 1 Administrator Administrators   22 30. Jan 07:47 GPT.INI
drwxrwx---+ 3 Administrator Administrators 4096 30. Jan 13:46 MACHINE
drwxrwx---+ 2 Administrator Administrators 4096 30. Jan 11:01 USER

(on the windows AD the gpo is {6AC1786C-016F-11D2-945F-00C04fB984F9} in ldap and in the sysvol dir)

Comment 1 Felix Botner

2013-01-31 14:37:36 CET

Maybe this can be fixed in univention-ad-takeover phase III. 

On my win ad the gpo seems to be correct (equal in ldap and filesystem). After univention-ad-takeover phase I the gpo ldap link in the UCS LDAP does not match the one on the filesystem.

Comment 2 Arvid Requate

2013-11-13 15:54:27 CET


*** This bug has been marked as a duplicate of bug 29753 ***