Bug 38874

Summary: Samba 4.3.1
Product: UCS Reporter: Stefan Gohmann <gohmann>
Component: Samba4 Assignee: Arvid Requate <requate>
Status: CLOSED FIXED QA Contact: Felix Botner <botner>
Severity: enhancement    
Priority: P5 Keywords: interim-2
Version: UCS 4.1   
Target Milestone: UCS 4.1   
Hardware: Other   
OS: Linux   
URL: https://www.samba.org/samba/history/samba-4.3.1.html
Bug group (optional): Release Goal
Bug Depends on: 38875    
Bug Blocks: 39222, 41192    

Description Stefan Gohmann univentionstaff 2015-07-10 07:48:24 CEST
UCS 4.1 should be shipped with Samba 4.3.
Comment 1 Arvid Requate univentionstaff 2015-10-20 20:06:47 CEST
Samba 4.3.1 has been packaged and built alongside an updated talloc release.
winexe has been rebuilt too in the ucs_4.1-0 scope.

Changelog adjusted.
Comment 2 Stefan Gohmann univentionstaff 2015-10-23 13:51:50 CEST
I've a newly installed Samba 4 domain and I got the following result on a DC Master:

root@master441:~# samba-tool ntacl sysvolcheck
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /var/lib/samba/sysvol/deadlock44.intranet/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 249, in run
    lp)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1733, in checksysvolacl
    direct_db_access)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1684, in check_gpos_acl
    domainsid, direct_db_access)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1631, in check_dir_acl
    raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, acl))
root@master441:~#
Comment 3 Stefan Gohmann univentionstaff 2015-10-26 16:35:54 CET
(In reply to Stefan Gohmann from comment #2)
> I've a newly installed Samba 4 domain and I got the following result on a DC
> Master:
> 
> root@master441:~# samba-tool ntacl sysvolcheck
> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception -
> ProvisioningError: DB ACL on GPO directory
> /var/lib/samba/sysvol/deadlock44.intranet/Policies/{31B2F340-016D-11D2-945F-
> 00C04FB984F9}
> O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;
> 0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;
> 0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value
> O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;
> 0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;
> 0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
> 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 249,
> in run
>     lp)
>   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line
> 1733, in checksysvolacl
>     direct_db_access)
>   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line
> 1684, in check_gpos_acl
>     domainsid, direct_db_access)
>   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line
> 1631, in check_dir_acl
>     raise ProvisioningError('%s ACL on GPO directory %s %s does not match
> expected value %s from GPO object' % (acl_type(direct_db_access), path,
> fsacl_sddl, acl))
> root@master441:~#

It is reproducible with 4.0 and 3.2. I've split it into Bug #39633.
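
The two SDDL strings in the sysvolcheck error are long enough that the mismatch is hard to see by eye. The following is an added example, not part of the original bug thread and not Samba's own code: a small SDDL splitter that compares the two strings component by component. The function names and the regular expression are assumptions made for this illustration; only the two SDDL strings come from the error message.

```python
import re

# Both SDDL strings are copied from the sysvolcheck error message above.
FS_SDDL = "O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)"
GPO_SDDL = "O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)"

# Well-known SDDL SID aliases that occur in the two strings.
ALIASES = {"LA": "Local Administrator", "DA": "Domain Admins",
           "EA": "Enterprise Admins", "CO": "Creator Owner",
           "SY": "Local System", "AU": "Authenticated Users",
           "ED": "Enterprise Domain Controllers"}

# A SID is either a two-letter alias or a literal S-1-... string.
SID = r"(?:S-[0-9-]+|[A-Z]{2})"
SDDL_RE = re.compile(
    rf"^(?:O:(?P<owner>{SID}))?(?:G:(?P<group>{SID}))?"
    r"(?:D:(?P<dacl_flags>[A-Z]*)(?P<dacl>(?:\([^()]*\))*))?"
    r"(?:S:(?P<sacl_flags>[A-Z]*)(?P<sacl>(?:\([^()]*\))*))?$")


def parse_sddl(sddl):
    """Split an SDDL string into owner, group, DACL/SACL flags and ACE lists."""
    m = SDDL_RE.match(sddl)
    if m is None:
        raise ValueError("unsupported SDDL string: %r" % sddl)
    parts = m.groupdict()
    for key in ("dacl", "sacl"):
        # ACE order is significant, so keep the ACEs as an ordered list.
        parts[key] = re.findall(r"\(([^()]*)\)", parts[key] or "")
    return parts


def diff_sddl(actual, expected):
    """Return {component: (actual, expected)} for the components that differ."""
    a, e = parse_sddl(actual), parse_sddl(expected)
    return {k: (a[k], e[k]) for k in a if a[k] != e[k]}


def explain(diff):
    """Render a diff as readable lines, expanding known SID aliases."""
    def name(v):
        known = isinstance(v, str) and v in ALIASES
        return "%s (%s)" % (v, ALIASES[v]) if known else str(v)
    return ["%s: directory has %s, GPO object expects %s" % (k, name(a), name(e))
            for k, (a, e) in sorted(diff.items())]


if __name__ == "__main__":
    print("\n".join(explain(diff_sddl(FS_SDDL, GPO_SDDL))))
```

Run on the strings from the error, the only differing component is the owner; group, DACL flags and all seven ACEs are identical.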
Comment 4 Felix Botner univentionstaff 2015-11-04 12:03:27 CET
* OK - changelog
* OK - samba 4.3.1 build in 4.1-0
* OK - ucs-test
Comment 5 Stefan Gohmann univentionstaff 2015-11-17 12:11:35 CET
UCS 4.1 has been released:
 https://docs.software-univention.de/release-notes-4.1-0-en.html
 https://docs.software-univention.de/release-notes-4.1-0-de.html

If this error occurs again, please use "Clone This Bug".