Tâche #17213
Scénario #29624: Erreur reconfigure sur Seth + eole-gpo-script
erreur lors de l'exécution de la commande 'samba-tool ntacl sysvolcheck'
Status:
Fermé
Priority:
Normal
Assigned To:
-
Target version:
Start date:
09/22/2016
Due date:
% Done:
0%
Remaining (hours):
0.0
Description
Execute Synchro Sysvol
receiving file list ... done
Number of files: 23 (reg: 3, dir: 20)
Number of created files: 0
Number of deleted files: 0
Number of regular files transferred: 0
Total file size: 182 bytes
Total transferred file size: 0 bytes
Literal data: 0 bytes
Matched data: 0 bytes
File list size: 3,215
File list generation time: 0.204 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 19
Total bytes received: 3,226
sent 19 bytes received 3,226 bytes 6,490.00 bytes/sec
total size is 182 speedup is 0.06
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /var/lib/samba/sysvol/ad-samba.eole.e2.rie.gouv.fr/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}/USER/Scripts/Logoff O:BAG:DUD:(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;;0x001f01ff;;;BA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 249, in run
lp)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1733, in checksysvolacl
direct_db_access)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1684, in check_gpos_acl
domainsid, direct_db_access)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1650, in check_dir_acl
raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), os.path.join(root, name), fsacl_sddl, acl))
run-parts: /usr/share/eole/postservice/25-manage-samba exited with return code 255
Related issues
Associated revisions
Ajout debug3
REF #17213
Récupération ACL GPO dans self.sddl
Création check_gpos_acl
Correction Acl si erreur
Ajout set_acl dans savecontent, et create_directory_hier
REF #17213
La création des scripts dans NETLOGON doivent avoir des ACL
REF #17213
La suppression d'un GPO doit être plus robuste
REF #17213
Backport en 2.7.1 résolution pb ACL sur la GPO eole_script, cassant le
fonctionnement de SYSVOL
REF #17213
pas d'erreur si la GPO n'existe plus
REF #17213
Check Acl fausse hashdeep. Je le fais avant
REF #17213
History
#1 Updated by christophe guerinot about 7 years ago
messages lors de la première instanciation (lorsque les fichiers sont créés)
Execute Synchro Sysvol
receiving file list ... done
sysvol/
sysvol/ad-samba.eole.e2.rie.gouv.fr/
sysvol/ad-samba.eole.e2.rie.gouv.fr/Policies/
sysvol/ad-samba.eole.e2.rie.gouv.fr/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/
sysvol/ad-samba.eole.e2.rie.gouv.fr/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI
sysvol/ad-samba.eole.e2.rie.gouv.fr/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/
sysvol/ad-samba.eole.e2.rie.gouv.fr/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/USER/
sysvol/ad-samba.eole.e2.rie.gouv.fr/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}/
sysvol/ad-samba.eole.e2.rie.gouv.fr/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}/GPT.INI
sysvol/ad-samba.eole.e2.rie.gouv.fr/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}/MACHINE/
sysvol/ad-samba.eole.e2.rie.gouv.fr/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/
sysvol/ad-samba.eole.e2.rie.gouv.fr/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows NT/
sysvol/ad-samba.eole.e2.rie.gouv.fr/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows NT/SecEdit/
sysvol/ad-samba.eole.e2.rie.gouv.fr/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf
sysvol/ad-samba.eole.e2.rie.gouv.fr/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}/MACHINE/Scripts/
sysvol/ad-samba.eole.e2.rie.gouv.fr/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}/MACHINE/Scripts/Shutdown/
sysvol/ad-samba.eole.e2.rie.gouv.fr/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}/MACHINE/Scripts/Startup/
sysvol/ad-samba.eole.e2.rie.gouv.fr/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}/USER/
sysvol/ad-samba.eole.e2.rie.gouv.fr/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}/USER/Documents & Settings/
sysvol/ad-samba.eole.e2.rie.gouv.fr/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}/USER/Scripts/
sysvol/ad-samba.eole.e2.rie.gouv.fr/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}/USER/Scripts/Logoff/
sysvol/ad-samba.eole.e2.rie.gouv.fr/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}/USER/Scripts/Logon/
sysvol/ad-samba.eole.e2.rie.gouv.fr/scripts/
Number of files: 23 (reg: 3, dir: 20)
Number of created files: 20 (reg: 3, dir: 17)
Number of deleted files: 0
Number of regular files transferred: 3
Total file size: 182 bytes
Total transferred file size: 182 bytes
Literal data: 182 bytes
Matched data: 0 bytes
File list size: 3,215
File list generation time: 0.242 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 209
Total bytes received: 15,202
sent 209 bytes received 15,202 bytes 10,274.00 bytes/sec
total size is 182 speedup is 0.01
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /var/lib/samba/sysvol/ad-samba.eole.e2.rie.gouv.fr/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}/USER/Scripts/Logoff O:BAG:DUD:(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;;0x001f01ff;;;BA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 249, in run
lp)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1733, in checksysvolacl
direct_db_access)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1684, in check_gpos_acl
domainsid, direct_db_access)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1650, in check_dir_acl
raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), os.path.join(root, name), fsacl_sddl, acl))
run-parts: /usr/share/eole/postservice/25-manage-samba exited with return code 255
#2 Updated by christophe guerinot almost 7 years ago
- Status changed from Nouveau to Ne sera pas résolu
plus de problème depuis au moins la version 2.6.0-60 du paquet eole-ad-dc
devenu sans objet
#3 Updated by Gilles Grandgérard over 3 years ago
- Status changed from Ne sera pas résolu to En cours
- Parent task changed from #17183 to #29624
Ce problème est toujours d'actualité....
La création de répertoire dans netlogon/sysvol nécessite de positionner les ACL
Sinon la commande 'samba-tool ntacl sysvolcheck' affiche une erreur. Et dans ce cas, les GPO ne fonctionnent plus .....
#4 Updated by Gilles Grandgérard over 3 years ago
- Status changed from En cours to Fermé
- Remaining (hours) set to 0.0
#5 Updated by Gilles Grandgérard about 3 years ago
- Related to Tâche #30556: L'import de la GPO EOLE se fait un reconfigure sur 2 sur un Scribe added