Bug 44876

Summary: New check `samba_tool_sysvolcheck.py`
Product: UCS Reporter: Lukas Oyen <oyen>
Component: UMC - System diagnosticAssignee: Lukas Oyen <oyen>
Status: CLOSED FIXED QA Contact: Arvid Requate <requate>
Severity: enhancement    
Priority: P5 CC: best, requate
Version: UCS 4.2Flags: best: Patch_Available+
Target Milestone: UCS 4.2-2-errata   
Hardware: Other   
OS: Linux   
See Also: https://forge.univention.org/bugzilla/show_bug.cgi?id=44305
What kind of report is it?: Feature Request What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:
Bug Depends on: 38217, 44305    
Bug Blocks: 47579, 47583    
Attachments: nt-diagnostic-sysvolcheck-421.patch

Description Lukas Oyen univentionstaff 2017-06-27 17:53:42 CEST 
Created attachment 8974 [details]
nt-diagnostic-sysvolcheck-421.patch

Adds a new diagnostic check `samba_tool_sysvolcheck.py` which runs `samba-tool ntacl sysvolcheck`.

We might want to merge this with bug #40605 into a more general `samba-tool` check.
Comment 1 Lukas Oyen univentionstaff 2017-08-01 16:35:52 CEST 
Committed in r81640 - r81641 (advisory r81649).
Comment 2 Florian Best univentionstaff 2017-08-01 18:57:32 CEST 
Not sure if it's an error in "samba-tool ntacl sysvolcheck" or in this script. I get a traceback:

`samba-tool ntacl sysvolcheck` meldet ein Problem mit den SYSVOL ACL Einträgen.

STDOUT:
ERROR(): uncaught exception - (61, 'No data available')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 270, in run
    lp)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1732, in checksysvolacl
    fsacl = getntacl(lp, dir_path, direct_db_access=direct_db_access, service=SYSVOL_SERVICE)
  File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 81, in getntacl
    xattr.XATTR_NTACL_NAME)
Comment 3 Lukas Oyen univentionstaff 2017-08-02 16:06:32 CEST 
(In reply to Florian Best from comment #2)
> Not sure if it's an error in "samba-tool ntacl sysvolcheck" or in this
> script. I get a traceback:

This is a problem with samba-tool. Could you provide some more details about your environment? Maybe we can add some explanation in certain cases?
Comment 4 Florian Best univentionstaff 2017-08-02 16:08:15 CEST 
You can have a look in my VM: 10.200.27.130
Comment 5 Lukas Oyen univentionstaff 2017-08-02 16:24:04 CEST 
(In reply to Florian Best from comment #4)
> You can have a look in my VM: 10.200.27.130

See bug #44305.
Comment 6 Arvid Requate univentionstaff 2017-09-07 12:43:54 CEST 
Ok, works
Comment 7 Arvid Requate univentionstaff 2017-09-07 14:36:39 CEST 
Re-opening as a sign that we first should fix Bug #44305 before releasing this to the public.

Also I just thought that a "Fix it" button would be useful, which runs "samba-tool ntacl sysvolreset". We should check Bug #38217 for that first.
Comment 8 Lukas Oyen univentionstaff 2017-09-19 15:54:12 CEST 
Implemented the `fix` in 45a3f09, YAML 2fface.
Comment 9 Arvid Requate univentionstaff 2017-09-19 17:35:07 CEST 
Works, awesome!
Comment 10 Erik Damrose univentionstaff 2017-09-20 15:04:00 CEST 
<http://errata.software-univention.de/ucs/4.2/166.html>