Univention Bugzilla – Bug 30224
"samba-tool ntacl sysvolreset" failed during update (to 3.1)
Last modified: 2013-11-13 15:54:27 CET
UCS Master 3.0 (ct edition) with samba4. Then univention-ad-takeover with a windows 2008 AD Server. During update to 3.1 i got the following error from "samba-tool ntacl sysvolreset" (/usr/lib/univention-install/96univention-samba4.inst): ERROR(runtime): uncaught exception - (-1073741823, 'Undetermined error') File "/usr/lib/python2.6/dist-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/lib/python2.6/dist-packages/samba/netcmd/ntacl.py", line 214, in run lp, use_ntvfs=use_ntvfs) File "/usr/lib/python2.6/dist-packages/samba/provision/__init__.py", line 1465, in setsysvolacl set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb) File "/usr/lib/python2.6/dist-packages/samba/provision/__init__.py", line 1401, in set_gpos_acl passdb=passdb) File "/usr/lib/python2.6/dist-packages/samba/provision/__init__.py", line 1364, in set_dir_acl setntacl(lp, path, acl, domsid, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb) File "/usr/lib/python2.6/dist-packages/samba/ntacls.py", line 121, in setntacl smbd.set_nt_acl(file, security.SECINFO_OWNER |security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd2) Problem is, that the gpo link in ldap # Domain Controllers, w2k8r2.test dn: ou=Domain Controllers,dc=w2k8r2,dc=test ou: Domain Controllers univentionObjectType: container/ou description: Default container for domain controllers objectClass: top objectClass: organizationalUnit objectClass: univentionObject objectClass: msGPO msGPOLink: [LDAP://CN={6AC1786C-016F-11D2-945F-00C04fB984F9},CN=Policies,CN=Sy stem,DC=w2k8r2,DC=test;0] and the one in the filesystem does not match (check ...00C04f vs ..00C4F) -> ls -la '/var/lib/samba/sysvol/w2k8r2.test/Policies/{6AC1786C-016F-11D2-945F-00C04fB984F9}' Datei oder Verzeichnis nicht gefunden -> ls -la '/var/lib/samba/sysvol/w2k8r2.test/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}' insgesamt 40 drwxrwx---+ 4 Administrator Administrators 4096 30. Jan 11:01 . drwxrwx---+ 4 Administrator Administrators 4096 30. Jan 11:01 .. -rwxrwx---+ 1 Administrator Administrators 22 30. Jan 07:47 GPT.INI drwxrwx---+ 3 Administrator Administrators 4096 30. Jan 13:46 MACHINE drwxrwx---+ 2 Administrator Administrators 4096 30. Jan 11:01 USER (on the windows AD the gpo is {6AC1786C-016F-11D2-945F-00C04fB984F9} in ldap and in the sysvol dir)
Maybe this can be fixed in univention-ad-takeover phase III. On my win ad the gpo seems to be correct (equal in ldap and filesystem). After univention-ad-takeover phase I the gpo ldap link in the UCS LDAP does not match the one on the filesystem.
*** This bug has been marked as a duplicate of bug 29753 ***