First Last Prev Next    This bug is not in your last search results.
Bug 44305 - samba-tool ntacl sysvolcheck traceback due to /var/lib/samba/netlogon
samba-tool ntacl sysvolcheck traceback due to /var/lib/samba/netlogon
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Samba4
UCS 4.2
Other Linux
: P5 normal (vote)
: UCS 4.2-2-errata
Assigned To: Lukas Oyen
Felix Botner
:
Depends on:
Blocks: 44876 47710
  Show dependency treegraph
 
Reported: 2017-04-06 14:06 CEST by Arvid Requate
Modified: 2018-09-03 13:56 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.086
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
0001-Bug-44305-remove-netlogon-from-samba-tool-ntacl-sysv.patch (1.18 KB, patch)
2017-09-13 12:31 CEST, Lukas Oyen 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2017-04-06 14:06:33 CEST 
On a UCS@school singlemaster samba-tool ntacl sysvolcheck aborts with a traceback while checking the NTACLs of /var/lib/samba/netlogon :

===
ERROR(<type 'exceptions.TypeError'>): uncaught exception - (61, 'No data available')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 270, in run
    lp)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1732, in checksysvolacl
    fsacl = getntacl(lp, dir_path, direct_db_access=direct_db_access, service=SYSVOL_SERVICE)
  File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 82, in getntacl
    xattr.XATTR_NTACL_NAME)
===

We should patch samba-tool ntacl sysvolcheck to *only* check the sysvol
Comment 1 Arvid Requate univentionstaff 2017-08-02 16:40:32 CEST 
Seems to be ucs-school specific
Comment 2 Lukas Oyen univentionstaff 2017-09-13 12:31:18 CEST 
Created attachment 9192 [details]
0001-Bug-44305-remove-netlogon-from-samba-tool-ntacl-sysv.patch

This occurs, as ucs-school sets the UCR variable `samba/share/netlogon/path=/var/lib/samba/netlogon`. /var/lib/samba/netlogon does not have the xattr `security.NTACL` set, and the samba-tool function `provision.setsysvolacl()` (used in `samba-tool ntacl sysvolreset` and provisioning) does not set the NTACLs for the netlogon path, so sysvolcheck fails.

This does not happen in a default UCS setup, as the UCR variable `samba/share/netlogon/path` is unset, and the netlogon path defaults to '/var/lib/samba/sysvol/<realm>/scripts' which is underneath the sysvol path and therefore recursively handled by `provision.setsysvolacl()`.

The attached patch removes netlogon from sysvolcheck (committed as r17667)
YAML: 8f751b9
Comment 3 Felix Botner univentionstaff 2017-09-13 14:01:02 CEST 
OK - sysvolcheck (ignores netlogon)
OK - samba.yaml
Comment 4 Erik Damrose univentionstaff 2017-09-20 15:03:56 CEST 
<http://errata.software-univention.de/ucs/4.2/165.html>
First Last Prev Next    This bug is not in your last search results.