There still something off here.
I cant reproduce your error on my debian 10 DC's with 4.14.4
Post the following.
smb.conf
hosts
resolv.conf
nsswitch.conf
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Carlos via samba
> Verzonden: dinsdag 25 mei 2021 14:56
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] NT_STATUS_OBJECT_NAME_NOT_FOUND
>
> HI
>
> "I am unsure, have you given all the AD groups a gidNumber ?" I
dont
> understand.....
>
>
> Afters minutes(1 or 2), i recevived erro:
>
> samba-tool ntacl sysvolreset
>
> ...
>
> ...
>
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> set_nt_acl_conn: init_files_struct failed:
> NT_STATUS_OBJECT_NAME_NOT_FOUND
> ERROR(runtime): uncaught exception - (3221225524, 'The object name is
> not found.')
> ? File
> "/usr/local/samba/lib/python3.8/site-packages/samba/netcmd/__i
nit__.py", > line 186, in _run
> ??? return self.run(*args, **kwargs)
> ? File
>
"/usr/local/samba/lib/python3.8/site-packages/samba/netcmd/ntacl.py",
> line 412, in run
> ??? provision.setsysvolacl(samdb, netlogon, sysvol,
> ? File
> "/usr/local/samba/lib/python3.8/site-packages/samba/provision/
> __init__.py",
> line 1754, in setsysvolacl
> ??? set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp,
> use_ntvfs, passdb=s4_passdb)
> ? File
> "/usr/local/samba/lib/python3.8/site-packages/samba/provision/
> __init__.py",
> line 1641, in set_gpos_acl
> ??? set_dir_acl(policy_path, dsacl2fsacl(acl, domainsid), lp,
> ? File
> "/usr/local/samba/lib/python3.8/site-packages/samba/provision/
> __init__.py",
> line 1604, in set_dir_acl
> ??? setntacl(lp, path, acl, domsid, session_info,
> use_ntvfs=use_ntvfs,
> skip_invalid_chown=True, passdb=passdb, service=service)
> ? File
> "/usr/local/samba/lib/python3.8/site-packages/samba/ntacls.py",
> line 230, in setntacl
> ??? smbd.set_nt_acl(
>
>
> ----
>
>
> More INFO(now):
>
>
> DC 1
>
> getfacl /usr/local/samba/var/locks/sysvol
> getfacl: Removing leading '/' from absolute path names
> # file: usr/local/samba/var/locks/sysvol
> # owner: root
> # group: BUILTIN\\administrators
> user::rwx
> user:root:rwx
> user:BUILTIN\\administrators:rwx
> user:BUILTIN\\server\040operators:r-x
> user:NT\040AUTHORITY\\system:rwx
> user:NT\040AUTHORITY\\authenticated\040users:r-x
> group::rwx
> group:BUILTIN\\administrators:rwx
> group:BUILTIN\\server\040operators:r-x
> group:NT\040AUTHORITY\\system:rwx
> group:NT\040AUTHORITY\\authenticated\040users:r-x
> mask::rwx
> other::---
> default:user::rwx
> default:user:root:rwx
> default:user:BUILTIN\\administrators:rwx
> default:user:BUILTIN\\server\040operators:r-x
> default:user:NT\040AUTHORITY\\system:rwx
> default:user:NT\040AUTHORITY\\authenticated\040users:r-x
> default:group::---
> default:group:BUILTIN\\administrators:rwx
> default:group:BUILTIN\\server\040operators:r-x
> default:group:NT\040AUTHORITY\\system:rwx
> default:group:NT\040AUTHORITY\\authenticated\040users:r-x
> default:mask::rwx
> default:other::---
>
>
> DC 2
>
> getfacl /usr/local/samba/var/locks/sysvol
> getfacl: Removing leading '/' from absolute path names
> # file: usr/local/samba/var/locks/sysvol
> # owner: root
> # group: BUILTIN\\administrators
> user::rwx
> user:root:rwx
> user:BUILTIN\\administrators:rwx
> user:BUILTIN\\server\040operators:r-x
> user:NT\040AUTHORITY\\system:rwx
> user:NT\040AUTHORITY\\authenticated\040users:r-x
> group::rwx
> group:BUILTIN\\administrators:rwx
> group:BUILTIN\\server\040operators:r-x
> group:NT\040AUTHORITY\\system:rwx
> group:NT\040AUTHORITY\\authenticated\040users:r-x
> mask::rwx
> other::---
> default:user::rwx
> default:user:root:rwx
> default:user:BUILTIN\\administrators:rwx
> default:user:BUILTIN\\server\040operators:r-x
> default:user:NT\040AUTHORITY\\system:rwx
> default:user:NT\040AUTHORITY\\authenticated\040users:r-x
> default:group::---
> default:group:BUILTIN\\administrators:rwx
> default:group:BUILTIN\\server\040operators:r-x
> default:group:NT\040AUTHORITY\\system:rwx
> default:group:NT\040AUTHORITY\\authenticated\040users:r-x
> default:mask::rwx
> default:other::---
>
>
> ------
>
>
> GPO with erro Now:
>
>
> DC1
>
> getfacl
> /usr/local/samba/var/locks/sysvol/xxxx.xxxx.com.br/Policies/\{
149AD731-C29D-41E7-B1D4-1DECA7DBED58\}/GPT.INI >
> getfacl: Removing leading '/' from absolute path names
> # file:
> usr/local/samba/var/locks/sysvol/xxxx.xxxx.com.br/Policies/{14
> 9AD731-C29D-41E7-B1D4-1DECA7DBED58}/GPT.INI
> # owner: BUILTIN\\administrators
> # group: users
> user::rwx
> user:NT\040AUTHORITY\\system:rwx
> user:XXXX\\enterprise\040admins:rwx
> user:XXXX\\domain\040admins:rwx
> user:NT\040AUTHORITY\\enterprise\040domain\040controllers:r-x
> user:XXXX\\domain\040computers:r-x
> user:XXXX\\mercado_xxxx:r-x
> group::---
> group:users:---
> group:BUILTIN\\administrators:rwx
> group:NT\040AUTHORITY\\system:rwx
> group:XXXX\\enterprise\040admins:rwx
> group:XXXX\\domain\040admins:rwx
> group:NT\040AUTHORITY\\enterprise\040domain\040controllers:r-x
> group:XXXX\\domain\040computers:r-x
> group:XXXX\\mercado_xxxx:r-x
> mask::rwx
> other::---
>
>
> DC 2
>
> getfacl
> /usr/local/samba/var/locks/sysvol/xxxx.xxxx.com.br/Policies/\{
149AD731-C29D-41E7-B1D4-1DECA7DBED58\}/GPT.INI >
> getfacl: Removing leading '/' from absolute path names
> # file:
> usr/local/samba/var/locks/sysvol/xxxx.xxxx.com.br/Policies/{14
> 9AD731-C29D-41E7-B1D4-1DECA7DBED58}/GPT.INI
> # owner: BUILTIN\\administrators
> # group: users
> user::rwx
> user:NT\040AUTHORITY\\system:rwx
> user:XXXX\\enterprise\040admins:rwx
> user:XXXX\\domain\040admins:rwx
> user:NT\040AUTHORITY\\enterprise\040domain\040controllers:r-x
> user:XXXX\\domain\040computers:r-x
> user:XXXX\\mercado_xxxx:r-x
> group::---
> group:users:---
> group:BUILTIN\\administrators:rwx
> group:NT\040AUTHORITY\\system:rwx
> group:XXXX\\enterprise\040admins:rwx
> group:XXXX\\domain\040admins:rwx
> group:NT\040AUTHORITY\\enterprise\040domain\040controllers:r-x
> group:XXXX\\domain\040computers:r-x
> group:XXXX\\mercado_xxxx:r-x
> mask::rwx
> other::---
>
>
> ----
>
>
> DC1
>
> getent passwd Administrator
> XXXX\administrator:*:0:100::/home/XXXX/administrator:/bin/false
>
>
> DC2
>
> getent passwd Administrator
> XXXX\administrator:*:0:100::/home/XXXX/administrator:/bin/false
>
>
> Regards;
>
>
> Em 25/05/2021 09:44, Rowland penny via samba escreveu:
> > On 25/05/2021 13:16, Carlos via samba wrote:
> >> HI!
> >>
> >> Good morning Louis :-D
> >>
> >> In Samba ADDC I did not configure (I understood that I
> didn?t need)
> >> the nsswitch part, but I did it now in DC 1 and DC2, it
> seems to me
> >> that it solved, even before the ids being the same in DC1 and DC2,
> >> now it remains the same with names, but gpupdate no longer gave an
> >> error and successfully loaded the police \ o /
> >>
> >> But the samba-tool ntacl sysvolreset gave a different
> error, it was
> >> in a loop with this message "idmap range not specified for
domain
> >> '*'", but im smb.conf of an ADDC if the idmap is not
> configured as I
> >> remember, at least I I never did it and I didn't even see
> it in the
> >> documentation.
> >>
> >> Is something else wrong now?
> >
> >
> > Yes and no ????
> >
> > You are getting that message because of a bug, you cannot
> use 'idmap
> > config' lines in a DC smb.conf, but there is a default line
> and that
> > is being picked up. You could normally ignore the error, but why
> > sysvolreset is looping around the error, I am unsure, have
> you given
> > all the AD groups a gidNumber ?
> >
> > Rowland
> >
> >
> >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>