I have a domain that I upgraded from a Samba 3/LDAP set up about a year
ago. I haven't done anything too interesting with it and it's generally
been working OK.
I attempted to create a new GPO for my domain. From a Win 7 client I get an
error "This security ID may not be assigned as the owner of this
object".
Thinking this was an issue with sysvol acls, I ran "samba-tool ntacl
sysvolcheck" which exploded with:
ERROR(<type 'exceptions.TypeError'>): uncaught exception - (61,
'No data
available')
File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
line
175, in _run
return self.run(*args, **kwargs)
File "/usr/lib64/python2.6/site-packages/samba/netcmd/ntacl.py",
line
249, in run
lp)
File
"/usr/lib64/python2.6/site-packages/samba/provision/__init__.py",
line 1686, in checksysvolacl
fsacl = getntacl(lp, dir_path, direct_db_access=direct_db_access,
service=SYSVOL_SERVICE)
File "/usr/lib64/python2.6/site-packages/samba/ntacls.py", line 73,
in
getntacl
xattr.XATTR_NTACL_NAME)
After reading some other peoples experiences I tried doing a sysvolrepair
which completed, but did not fix either of the issues.
I also tried creating the GPO with "samba-tool gpo create 'New
GPO'" which
gave an error that smells similar to the error Win 7 GPO Management
reported:
ERROR(runtime): uncaught exception - (-1073741734,
'NT_STATUS_INVALID_OWNER')
File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
line
175, in _run
return self.run(*args, **kwargs)
File "/usr/lib64/python2.6/site-packages/samba/netcmd/gpo.py", line
1000,
in run
conn.set_acl(sharepath, fs_sd, sio)
I'm running 4.1.6-SerNet-RedHat-7.el6 on Centos 6.5.
Any ideas where to look next?
Try: samba-tool gpo aclcheck And then samba-tool ntacl sysvol --use-s3fs samba-tool ntacl sysvol --use-ntvfs Hope this will fix your problem. On 21/04/14 23:30, Ryan Bair wrote:> I have a domain that I upgraded from a Samba 3/LDAP set up about a year > ago. I haven't done anything too interesting with it and it's generally > been working OK. > > I attempted to create a new GPO for my domain. From a Win 7 client I get an > error "This security ID may not be assigned as the owner of this object". > > Thinking this was an issue with sysvol acls, I ran "samba-tool ntacl > sysvolcheck" which exploded with: > ERROR(<type 'exceptions.TypeError'>): uncaught exception - (61, 'No data > available') > File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line > 175, in _run > return self.run(*args, **kwargs) > File "/usr/lib64/python2.6/site-packages/samba/netcmd/ntacl.py", line > 249, in run > lp) > File "/usr/lib64/python2.6/site-packages/samba/provision/__init__.py", > line 1686, in checksysvolacl > fsacl = getntacl(lp, dir_path, direct_db_access=direct_db_access, > service=SYSVOL_SERVICE) > File "/usr/lib64/python2.6/site-packages/samba/ntacls.py", line 73, in > getntacl > xattr.XATTR_NTACL_NAME) > > After reading some other peoples experiences I tried doing a sysvolrepair > which completed, but did not fix either of the issues. > > I also tried creating the GPO with "samba-tool gpo create 'New GPO'" which > gave an error that smells similar to the error Win 7 GPO Management > reported: > ERROR(runtime): uncaught exception - (-1073741734, > 'NT_STATUS_INVALID_OWNER') > File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line > 175, in _run > return self.run(*args, **kwargs) > File "/usr/lib64/python2.6/site-packages/samba/netcmd/gpo.py", line 1000, > in run > conn.set_acl(sharepath, fs_sd, sio) > > I'm running 4.1.6-SerNet-RedHat-7.el6 on Centos 6.5. > > Any ideas where to look next?-- I?igo Mart?nez Lasala Director de IT ____________________________ Tel.: (+34) 91 183 03 00 Camino del Cerro de los Gamos, 1 ? Edificio 6 28224 Pozuelo de Alarc?n Madrid - Espa?a ____________________________ Vector Software Factory www.vectorsf.com Condiciones de Confidencialidad
Hello Ryan, Am 21.04.2014 23:30, schrieb Ryan Bair:> I have a domain that I upgraded from a Samba 3/LDAP set up about a year > ago. I haven't done anything too interesting with it and it's generally > been working OK. > > I attempted to create a new GPO for my domain. From a Win 7 client I get an > error "This security ID may not be assigned as the owner of this object". > > Thinking this was an issue with sysvol acls, I ran "samba-tool ntacl > sysvolcheck" which exploded with: > ERROR(<type 'exceptions.TypeError'>): uncaught exception - (61, 'No data > available') > File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line > 175, in _run > return self.run(*args, **kwargs) > File "/usr/lib64/python2.6/site-packages/samba/netcmd/ntacl.py", line > 249, in run > lp) > File "/usr/lib64/python2.6/site-packages/samba/provision/__init__.py", > line 1686, in checksysvolacl > fsacl = getntacl(lp, dir_path, direct_db_access=direct_db_access, > service=SYSVOL_SERVICE) > File "/usr/lib64/python2.6/site-packages/samba/ntacls.py", line 73, in > getntacl > xattr.XATTR_NTACL_NAME) > > After reading some other peoples experiences I tried doing a sysvolrepair > which completed, but did not fix either of the issues. > > I also tried creating the GPO with "samba-tool gpo create 'New GPO'" which > gave an error that smells similar to the error Win 7 GPO Management > reported: > ERROR(runtime): uncaught exception - (-1073741734, > 'NT_STATUS_INVALID_OWNER') > File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line > 175, in _run > return self.run(*args, **kwargs) > File "/usr/lib64/python2.6/site-packages/samba/netcmd/gpo.py", line 1000, > in run > conn.set_acl(sharepath, fs_sd, sio) > > I'm running 4.1.6-SerNet-RedHat-7.el6 on Centos 6.5. > > Any ideas where to look next?Is this a setup you have upgraded from an early 4.0 version? https://wiki.samba.org/index.php/Updating_Samba#Updates_of_early_Samba_4_version_on_Samba_Active_Directory_DCs Even if it's a fresh 4.1 installation, this commands should execut without any error. Was your sysvol share provisioned with NTVFS or smb3fs? Regards, Marc