On 30/10/2012 00:08, Jeremy Allison wrote:
On Tue, Oct 30, 2012 at 11:00:31AM +1100, Andrew Bartlett wrote:
be a particular trigger - but it shouldn't be able to make a
modification that doesn't go via vfs_acl_xattr.
For Alex, before running the Group Policy tools on WinXP, he gets (at
level 10 on samba-tool ntacl sysvolcheck):
get_nt_acl_internal: blob hash matches for
file
/root/samba_test/build_master/var/locks/sysvol/realm.com/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}
then after, he gets:
get_nt_acl_internal: blob hash does not match for
file
/root/samba_test/build_master/var/locks/sysvol/realm.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
- returning file system SD mapping.
Is this message from smbd, or from samba-tool ?
That's what vfs_acl_common is printing, being run from samba-tool ntacl
sysvolcheck. It links to the VFS layer.
So this looks like it's running the Group Policy tools on WinXP
that causes the problem ?
Can we get a debug level 10 log of that activity going on
against smbd ?
Jeremy.
Ok I have some additional info.
Using the GPMC I cannot create new GPOs. I get the message: "This
security ID may not be assigned as the owner of this object"
If I use samba-tool gpo create I get the following:
# bin/samba-tool gpo create "SMC Students"
ERROR(ldb): uncaught exception - LDAP error 50
LDAP_INSUFFICIENT_ACCESS_RIGHTS - <dsdb_access: Access check failed on
CN=Policies,CN=System,DC=internal,DC=stmaryscollege,DC=co,DC=uk> <>
File
"/vol/samba4/build/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File
"/vol/samba4/build/lib64/python2.7/site-packages/samba/netcmd/gpo.py",
line 952, in run
self.samdb.add(m)
If I supply administrator as username I get:
# bin/samba-tool gpo create "SMC Students" -U administrator
Password for [SMC\administrator]:
ERROR(runtime): uncaught exception - (-1073741734,
'NT_STATUS_INVALID_OWNER')
File
"/vol/samba4/build/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File
"/vol/samba4/build/lib64/python2.7/site-packages/samba/netcmd/gpo.py",
line 987, in run
conn.set_acl(sharepath, fs_sd, sio)
However this time it has successfully created the GPO. (GPMC still
throws the same warnings about inconsistent ACLs).
bin/samba-tool gpo create "SMC Students" -d 10: http://pastebin.com/tjutA68u
bin/samba-tool gpo create "SMC Students" -U administrator -d 10:
http://pastebin.com/8kkVEy7V
I would hazard a guess and say the GPMC error (when creating a GPO) is
the same error as the samba-tool error.
Thanks,
Alex
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
