On 26/10/2012 11:03, Andrew Bartlett wrote:
On Fri, 2012-10-26 at 10:44 +0100, Alex Matthews wrote:

I'm assuming because of the way I laid my directory tree out I could
also just provision as normal and run the tests? Just makes it difficult
to "un-provision".

I did a bit of testing last night and sysvolcheck returns no errors
until the point that I run the gpmc.msc on the XP domain member and click
ok to "fix" the inconsistent ACLs. At that point it returns the same
error. Running sysvolreset does not fix it either.

OK.  This is more interesting.  Can you show me first the output, and
then the level 10 log of that sysvolcheck command?

I'm particularly curious that a sysvolreset can't fix it.

A network capture of what gpmc does may be instructive also.

This is true, at least, for the master branch, I haven't tested the
aclfix branch yet.

OK.

Given this info on the essential components involved (running gpmc.msc
once seems key), I think I have the steps to reproduce this here, which
I'll try tonight or tomorrow.

Thanks,

Andrew Bartlett


# bin/samba-tool ntacl sysvolcheck
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: VFS ACL on GPO directory /root/samba_test/build_master/var/locks/sysvol/realm.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} O:DAG:DUD:(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;DA)(A;;0x00120089;;;ED)(A;;0x00120089;;;DA)(A;;0x00120089;;;EA)(A;;0x00120089;;;AU)(A;;0x00120089;;;SY)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;WO;;;CG)(A;OICIIO;0x001200a9;;;ED)(A;OICIIO;0x001f01ff;;;EA)(A;OICIIO;0x001200a9;;;AU)(A;OICIIO;0x001f01ff;;;SY) does not match expected value O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) from GPO object
File "/root/samba_test/build_master/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
File "/root/samba_test/build_master/lib/python2.7/site-packages/samba/netcmd/ntacl.py", line 245, in run
    lp)
File "/root/samba_test/build_master/lib/python2.7/site-packages/samba/provision/__init__.py", line 1574, in checksysvolacl
    direct_db_access)
File "/root/samba_test/build_master/lib/python2.7/site-packages/samba/provision/__init__.py", line 1526, in check_gpos_acl
    domainsid, direct_db_access)
File "/root/samba_test/build_master/lib/python2.7/site-packages/samba/provision/__init__.py", line 1476, in check_dir_acl
    raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, acl))


Level 10 sysvolcheck log: http://pastebin.com/QBHTKkqL

Do you want a wireshark packet log of GPMC or a samba level 10 log?

Thanks,

Alex
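
The two SDDL strings in the sysvolcheck error above are hard to compare by eye. The following is an added example, not part of the original message and not Samba's own code: it splits both strings into ACEs and reports the differences. The function names and the regex are assumptions made for this illustration, and the parser only handles the simple O:/G:/D:/S: layout seen in these two strings.

```python
import re
from collections import Counter

# The two SDDL strings from the sysvolcheck error quoted in the message above.
ACTUAL = "O:DAG:DUD:(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;DA)(A;;0x00120089;;;ED)(A;;0x00120089;;;DA)(A;;0x00120089;;;EA)(A;;0x00120089;;;AU)(A;;0x00120089;;;SY)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;WO;;;CG)(A;OICIIO;0x001200a9;;;ED)(A;OICIIO;0x001f01ff;;;EA)(A;OICIIO;0x001200a9;;;AU)(A;OICIIO;0x001f01ff;;;SY)"
EXPECTED = "O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"

# Assumption: owner/group are short aliases and ACL flags are upper-case letters.
SDDL_RE = re.compile(
    r"O:(?P<owner>.*?)G:(?P<group>.*?)D:(?P<dflags>[A-Z]*)(?P<dacl>(?:\([^)]*\))*)"
    r"(?:S:(?P<sflags>[A-Z]*)(?P<sacl>(?:\([^)]*\))*))?$")

def parse_sddl(sddl):
    """Return owner, group, ACL control flags and ACE tuples for one SDDL string."""
    m = SDDL_RE.match(sddl)
    if m is None:
        raise ValueError("unsupported SDDL layout: %r" % sddl[:40])
    def aces(blob):
        # ACE fields: type;flags;rights;object_guid;inherit_object_guid;trustee
        return [tuple(a.split(";")) for a in re.findall(r"\(([^)]*)\)", blob or "")]
    return {"owner": m["owner"], "group": m["group"],
            "dacl_flags": m["dflags"], "dacl": aces(m["dacl"]),
            "sacl_flags": m["sflags"] or "", "sacl": aces(m["sacl"])}

def diff_dacl(actual, expected):
    """Order-insensitive multiset difference of DACL ACEs: (missing, extra)."""
    a, e = Counter(actual["dacl"]), Counter(expected["dacl"])
    return sorted((e - a).elements()), sorted((a - e).elements())

def object_mask(sd, trustee):
    """OR of hex allow masks that apply to the directory itself (no IO flag)."""
    mask = 0
    for typ, flags, rights, _obj, _iobj, who in sd["dacl"]:
        inherit_only = "IO" in re.findall("..", flags)  # flags are 2-letter tokens
        if typ == "A" and who == trustee and not inherit_only and rights.startswith("0x"):
            mask |= int(rights, 16)
    return mask

if __name__ == "__main__":
    act, exp = parse_sddl(ACTUAL), parse_sddl(EXPECTED)
    missing, extra = diff_dacl(act, exp)
    print("DACL flags: on disk %r, expected %r" % (act["dacl_flags"], exp["dacl_flags"]))
    print("SACL ACEs:  on disk %d, expected %d" % (len(act["sacl"]), len(exp["sacl"])))
    for ace in missing:
        print("missing", ";".join(ace))
    for ace in extra:
        print("extra  ", ";".join(ace))
    for t in ("DA", "EA", "SY", "AU", "ED"):
        print("%s on directory: on disk %#x, expected %#x"
              % (t, object_mask(act, t), object_mask(exp, t)))
```

The per-trustee masks only cover ACEs that apply to the directory itself; the symbolic WO right on the inherit-only CG ACE is reported in the diff but not converted to a mask.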