Kees van Vloten
2022-Jan-10 16:53 UTC
[Samba] GPO incomplete / missing -> samba-tool crash
Hi team,
I am running 4.15.3 (from Louis') on Bullseye.
I have no clue how I got here, but the question is: how to get it fixed?
It looks like there is a policy defined in LDAP that does not exist on
the filesystem, in any case it makes samba-tool crashing:
samba-tool ntacl sysvolcheck
ERROR(<class 'TypeError'>): uncaught exception - (2, 'No such
file or
directory')
? File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py",
line
186, in _run
??? return self.run(*args, **kwargs)
? File "/usr/lib/python3/dist-packages/samba/netcmd/ntacl.py", line
443, in run
??? provision.checksysvolacl(samdb, netlogon, sysvol,
? File "/usr/lib/python3/dist-packages/samba/provision/__init__.py",
line 1876, in checksysvolacl
??? check_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp,
? File "/usr/lib/python3/dist-packages/samba/provision/__init__.py",
line 1826, in check_gpos_acl
??? check_dir_acl(policy_path, dsacl2fsacl(acl, domainsid), lp,
? File "/usr/lib/python3/dist-packages/samba/provision/__init__.py",
line 1766, in check_dir_acl
??? fsacl = getntacl(lp, path, session_info,
direct_db_access=direct_db_access, service=SYSVOL_SERVICE)
? File "/usr/lib/python3/dist-packages/samba/ntacls.py", line 112, in
getntacl
??? attribute = samba.xattr_native.wrap_getxattr(file
samba-tool ntacl sysvolreset
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
set_nt_acl_conn: init_files_struct failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
ERROR(runtime): uncaught exception - (3221225524, 'The object name is
not found.')
? File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py",
line
186, in _run
??? return self.run(*args, **kwargs)
? File "/usr/lib/python3/dist-packages/samba/netcmd/ntacl.py", line
412, in run
??? provision.setsysvolacl(samdb, netlogon, sysvol,
? File "/usr/lib/python3/dist-packages/samba/provision/__init__.py",
line 1754, in setsysvolacl
??? set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp,
use_ntvfs, passdb=s4_passdb)
? File "/usr/lib/python3/dist-packages/samba/provision/__init__.py",
line 1641, in set_gpos_acl
??? set_dir_acl(policy_path, dsacl2fsacl(acl, domainsid), lp,
? File "/usr/lib/python3/dist-packages/samba/provision/__init__.py",
line 1604, in set_dir_acl
??? setntacl(lp, path, acl, domsid, session_info, use_ntvfs=use_ntvfs,
skip_invalid_chown=True, passdb=passdb, service=service)
? File "/usr/lib/python3/dist-packages/samba/ntacls.py", line 228, in
setntacl
??? smbd.set_nt_acl(
samba-tool gpo listall
GPO????????? : {6AC1786C-016F-11D2-945F-00C04FB984F9}
display name : Default Domain Controllers Policy
path???????? :
\\samdom.net\sysvol\samdom.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}
dn?????????? :
CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=samdom,DC=net
version????? : 0
flags??????? : NONE
GPO????????? : {75991237-941B-47B9-AF67-853781EA44B3}
ERROR(<class 'KeyError'>): uncaught exception - 'No such
element'
? File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py",
line
186, in _run
??? return self.run(*args, **kwargs)
? File "/usr/lib/python3/dist-packages/samba/netcmd/gpo.py", line
477,
in run
??? self.outf.write("display name : %s\n" %
m['displayName'][0])
The policy '{75991237-941B-47B9-AF67-853781EA44B3}' is not available on
the filesystem (/var/lib/sysvol/samdom.net/Policies).
When I try to remove it, it tells me:
samba-tool gpo del '{75991237-941B-47B9-AF67-853781EA44B3}'
ERROR: GPO '{75991237-941B-47B9-AF67-853781EA44B3}' does not exist
Strace shows that 'samba-tool ntacl sysvolcheck' also fails on the same
non-existing file:
strace samba-tool ntacl sysvolcheck
<removed lots of output>
getxattr("/var/lib/samba/sysvol/samdom.net/Policies/{75991237-941B-47B9-AF67-853781EA44B3}",
"security.NTACL", NULL, 0) = -1 ENOENT (No such file or directory)
write(2, "ERROR(<class 'TypeError'>): unca"...,
82ERROR(<class
'TypeError'>): uncaught exception - (2, 'No such file or
directory')
) = 82
<removed rest of output>
How to fix this issue?
- Kees
dmulder at samba.org
2022-Jan-10 16:59 UTC
[Samba] GPO incomplete / missing -> samba-tool crash
Check in adsi under CN=Policies,CN=System. You probably have the policy listed
there in ldap still, which I assume needs to be removed. It'll be called
CN={75991237-941B-47B9-AF67-853781EA44B3}
On 1/10/22 9:53 AM, Kees van Vloten via samba <samba at lists.samba.org>
wrote:> Hi team,
>
> I am running 4.15.3 (from Louis') on Bullseye.
> I have no clue how I got here, but the question is: how to get it fixed?
>
> It looks like there is a policy defined in LDAP that does not exist on
> the filesystem, in any case it makes samba-tool crashing:
>
> samba-tool ntacl sysvolcheck
> ERROR(<class 'TypeError'>): uncaught exception - (2, 'No
such file or
> directory')
> ? File
"/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line
> 186, in _run
> ??? return self.run(*args, **kwargs)
> ? File "/usr/lib/python3/dist-packages/samba/netcmd/ntacl.py",
line
> 443, in run
> ??? provision.checksysvolacl(samdb, netlogon, sysvol,
> ? File
"/usr/lib/python3/dist-packages/samba/provision/__init__.py",
> line 1876, in checksysvolacl
> ??? check_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp,
> ? File
"/usr/lib/python3/dist-packages/samba/provision/__init__.py",
> line 1826, in check_gpos_acl
> ??? check_dir_acl(policy_path, dsacl2fsacl(acl, domainsid), lp,
> ? File
"/usr/lib/python3/dist-packages/samba/provision/__init__.py",
> line 1766, in check_dir_acl
> ??? fsacl = getntacl(lp, path, session_info,
> direct_db_access=direct_db_access, service=SYSVOL_SERVICE)
> ? File "/usr/lib/python3/dist-packages/samba/ntacls.py", line
112, in
> getntacl
> ??? attribute = samba.xattr_native.wrap_getxattr(file
>
> samba-tool ntacl sysvolreset
> Could not find opname rename, logging all
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> Could not find opname rename, logging all
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> Could not find opname rename, logging all
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> Could not find opname rename, logging all
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> Could not find opname rename, logging all
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> Could not find opname rename, logging all
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> Could not find opname rename, logging all
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> Could not find opname rename, logging all
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> Could not find opname rename, logging all
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> Could not find opname rename, logging all
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> Could not find opname rename, logging all
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> Could not find opname rename, logging all
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> Could not find opname rename, logging all
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> Could not find opname rename, logging all
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> Could not find opname rename, logging all
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> Could not find opname rename, logging all
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> Could not find opname rename, logging all
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> Could not find opname rename, logging all
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> Could not find opname rename, logging all
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> Could not find opname rename, logging all
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> Could not find opname rename, logging all
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> Could not find opname rename, logging all
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> Could not find opname rename, logging all
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> Could not find opname rename, logging all
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> Could not find opname rename, logging all
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> Could not find opname rename, logging all
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> idmap range not specified for domain '*'
> Could not find opname rename, logging all
> Could not find opname rename, logging all
> Could not find opname rename, logging all
> Could not find opname rename, logging all
> Could not find opname rename, logging all
> set_nt_acl_conn: init_files_struct failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
> ERROR(runtime): uncaught exception - (3221225524, 'The object name is
> not found.')
> ? File
"/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line
> 186, in _run
> ??? return self.run(*args, **kwargs)
> ? File "/usr/lib/python3/dist-packages/samba/netcmd/ntacl.py",
line
> 412, in run
> ??? provision.setsysvolacl(samdb, netlogon, sysvol,
> ? File
"/usr/lib/python3/dist-packages/samba/provision/__init__.py",
> line 1754, in setsysvolacl
> ??? set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp,
> use_ntvfs, passdb=s4_passdb)
> ? File
"/usr/lib/python3/dist-packages/samba/provision/__init__.py",
> line 1641, in set_gpos_acl
> ??? set_dir_acl(policy_path, dsacl2fsacl(acl, domainsid), lp,
> ? File
"/usr/lib/python3/dist-packages/samba/provision/__init__.py",
> line 1604, in set_dir_acl
> ??? setntacl(lp, path, acl, domsid, session_info, use_ntvfs=use_ntvfs,
> skip_invalid_chown=True, passdb=passdb, service=service)
> ? File "/usr/lib/python3/dist-packages/samba/ntacls.py", line
228, in
> setntacl
> ??? smbd.set_nt_acl(
>
>
> samba-tool gpo listall
> GPO????????? : {6AC1786C-016F-11D2-945F-00C04FB984F9}
> display name : Default Domain Controllers Policy
> path???????? :
>
\\samdom.net\sysvol\samdom.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}
>
> dn?????????? :
>
CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=samdom,DC=net
>
> version????? : 0
> flags??????? : NONE
>
> GPO????????? : {75991237-941B-47B9-AF67-853781EA44B3}
> ERROR(<class 'KeyError'>): uncaught exception - 'No such
element'
> ? File
"/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line
> 186, in _run
> ??? return self.run(*args, **kwargs)
> ? File "/usr/lib/python3/dist-packages/samba/netcmd/gpo.py",
line 477,
> in run
> ??? self.outf.write("display name : %s\n" %
m['displayName'][0])
>
> The policy '{75991237-941B-47B9-AF67-853781EA44B3}' is not
available on
> the filesystem (/var/lib/sysvol/samdom.net/Policies).
> When I try to remove it, it tells me:
>
> samba-tool gpo del '{75991237-941B-47B9-AF67-853781EA44B3}'
> ERROR: GPO '{75991237-941B-47B9-AF67-853781EA44B3}' does not exist
>
>
> Strace shows that 'samba-tool ntacl sysvolcheck' also fails on the
same
> non-existing file:
>
> strace samba-tool ntacl sysvolcheck
> <removed lots of output>
>
>
getxattr("/var/lib/samba/sysvol/samdom.net/Policies/{75991237-941B-47B9-AF67-853781EA44B3}",
> "security.NTACL", NULL, 0) = -1 ENOENT (No such file or
directory)
> write(2, "ERROR(<class 'TypeError'>): unca"...,
82ERROR(<class
> 'TypeError'>): uncaught exception - (2, 'No such file or
directory')
> ) = 82
>
> <removed rest of output>
>
> How to fix this issue?
>
> - Kees
>
>
>
On Mon, 2022-01-10 at 17:53 +0100, Kees van Vloten via samba wrote:> Hi team, > > I am running 4.15.3 (from Louis') on Bullseye. > I have no clue how I got here, but the question is: how to get it > fixed? > > It looks like there is a policy defined in LDAP that does not exist > on > the filesystem, in any case it makes samba-tool crashing: > > samba-tool ntacl sysvolcheck > ERROR(<class 'TypeError'>): uncaught exception - (2, 'No such file > or > directory') > File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", > line > 186, in _run > return self.run(*args, **kwargs) > File "/usr/lib/python3/dist-packages/samba/netcmd/ntacl.py", line > 443, in run > provision.checksysvolacl(samdb, netlogon, sysvol, > File "/usr/lib/python3/dist- > packages/samba/provision/__init__.py", > line 1876, in checksysvolacl > check_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, > lp, > File "/usr/lib/python3/dist- > packages/samba/provision/__init__.py", > line 1826, in check_gpos_acl > check_dir_acl(policy_path, dsacl2fsacl(acl, domainsid), lp, > File "/usr/lib/python3/dist- > packages/samba/provision/__init__.py", > line 1766, in check_dir_acl > fsacl = getntacl(lp, path, session_info, > direct_db_access=direct_db_access, service=SYSVOL_SERVICE) > File "/usr/lib/python3/dist-packages/samba/ntacls.py", line 112, > in > getntacl > attribute = samba.xattr_native.wrap_getxattr(file > > samba-tool ntacl sysvolreset > Could not find opname rename, logging all > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > Could not find opname rename, logging all > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > Could not find opname rename, logging all > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > Could not find opname rename, logging all > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > Could not find opname rename, logging all > idmap range not specified for domain '*' > idmap range not specified for domain '*' > Could not find opname rename, logging all > idmap range not specified for domain '*' > idmap range not specified for domain '*' > Could not find opname rename, logging all > idmap range not specified for domain '*' > idmap range not specified for domain '*' > Could not find opname rename, logging all > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > Could not find opname rename, logging all > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > Could not find opname rename, logging all > idmap range not specified for domain '*' > idmap range not specified for domain '*' > Could not find opname rename, logging all > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > Could not find opname rename, logging all > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > Could not find opname rename, logging all > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > Could not find opname rename, logging all > idmap range not specified for domain '*' > idmap range not specified for domain '*' > Could not find opname rename, logging all > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > Could not find opname rename, logging all > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > Could not find opname rename, logging all > idmap range not specified for domain '*' > idmap range not specified for domain '*' > Could not find opname rename, logging all > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > Could not find opname rename, logging all > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > Could not find opname rename, logging all > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > Could not find opname rename, logging all > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > Could not find opname rename, logging all > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > Could not find opname rename, logging all > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > Could not find opname rename, logging all > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > Could not find opname rename, logging all > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > Could not find opname rename, logging all > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > idmap range not specified for domain '*' > Could not find opname rename, logging all > Could not find opname rename, logging all > Could not find opname rename, logging all > Could not find opname rename, logging all > Could not find opname rename, logging all > set_nt_acl_conn: init_files_struct failed: > NT_STATUS_OBJECT_NAME_NOT_FOUND > ERROR(runtime): uncaught exception - (3221225524, 'The object name > is > not found.') > File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", > line > 186, in _run > return self.run(*args, **kwargs) > File "/usr/lib/python3/dist-packages/samba/netcmd/ntacl.py", line > 412, in run > provision.setsysvolacl(samdb, netlogon, sysvol, > File "/usr/lib/python3/dist- > packages/samba/provision/__init__.py", > line 1754, in setsysvolacl > set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, > use_ntvfs, passdb=s4_passdb) > File "/usr/lib/python3/dist- > packages/samba/provision/__init__.py", > line 1641, in set_gpos_acl > set_dir_acl(policy_path, dsacl2fsacl(acl, domainsid), lp, > File "/usr/lib/python3/dist- > packages/samba/provision/__init__.py", > line 1604, in set_dir_acl > setntacl(lp, path, acl, domsid, session_info, > use_ntvfs=use_ntvfs, > skip_invalid_chown=True, passdb=passdb, service=service) > File "/usr/lib/python3/dist-packages/samba/ntacls.py", line 228, > in > setntacl > smbd.set_nt_acl( > > > samba-tool gpo listall > GPO : {6AC1786C-016F-11D2-945F-00C04FB984F9} > display name : Default Domain Controllers Policy > path : > \\samdom.net\sysvol\samdom.net\Policies\{6AC1786C-016F-11D2-945F- > 00C04FB984F9} > dn : > CN={6AC1786C-016F-11D2-945F- > 00C04FB984F9},CN=Policies,CN=System,DC=samdom,DC=net > version : 0 > flags : NONE > > GPO : {75991237-941B-47B9-AF67-853781EA44B3} > ERROR(<class 'KeyError'>): uncaught exception - 'No such element' > File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", > line > 186, in _run > return self.run(*args, **kwargs) > File "/usr/lib/python3/dist-packages/samba/netcmd/gpo.py", line > 477, > in run > self.outf.write("display name : %s\n" % m['displayName'][0]) > > The policy '{75991237-941B-47B9-AF67-853781EA44B3}' is not available > on > the filesystem (/var/lib/sysvol/samdom.net/Policies). > When I try to remove it, it tells me: > > samba-tool gpo del '{75991237-941B-47B9-AF67-853781EA44B3}' > ERROR: GPO '{75991237-941B-47B9-AF67-853781EA44B3}' does not exist > > > Strace shows that 'samba-tool ntacl sysvolcheck' also fails on the > same > non-existing file: > > strace samba-tool ntacl sysvolcheck > <removed lots of output> > > getxattr("/var/lib/samba/sysvol/samdom.net/Policies/{75991237-941B- > 47B9-AF67-853781EA44B3}", > "security.NTACL", NULL, 0) = -1 ENOENT (No such file or directory) > write(2, "ERROR(<class 'TypeError'>): unca"..., 82ERROR(<class > 'TypeError'>): uncaught exception - (2, 'No such file or directory') > ) = 82 > > <removed rest of output> > > How to fix this issue?GPO's are stored in two places, in AD at 'CN=Policies,CN=System,DC=samdom,DC=net' and in Sysvol '/var/lib/samba/sysvol/samdom.net/Policies' It looks like it is still in AD, but has been deleted on disk. Rowland