Elias Pereira
2017-Jun-07 17:16 UTC
[Samba] sysvolreset command result in "Undetermined error"
Hello, I deleted some GPOs via ADUC. After that I also deleted the folder for each GPO. I do not know if that was correct to do! :( Now when I run the samba-tool command ntacl sysvolreset, the following error occurs. root at DC1:~# samba-tool ntacl sysvolreset *open: error=2 (No such file or directory)* ERROR(runtime): uncaught exception - (-1073741823, 'Undetermined error') File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run return self.run(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 239, in run lp, use_ntvfs=use_ntvfs) File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1609, in setsysvolacl set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb) File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1514, in set_gpos_acl passdb=passdb) File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1477, in set_dir_acl setntacl(lp, path, acl, domsid, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service) File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 128, in setntacl smbd.set_nt_acl(file, security.SECINFO_OWNER |security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd2, service=service) I have also tried the requested at the link below, but without success. https://wiki.samba.org/index.php/Updating_Samba#Fixing_Incorrect_Sysvol_and_Directory_ACLs root at DC1:/var/lib/samba/sysvol/addc.poa.ifrs.edu.br# ls -lah total 40K drwxrwx---+ 5 root BUILTIN\administrators 4.0K May 30 18:52 . drwxrwx---+ 5 root BUILTIN\administrators 4.0K Jun 7 13:55 .. drwxrwx---+ 4 root BUILTIN\administrators 4.0K Jun 7 13:25 *Policies* drwxrwx---+ 2 root BUILTIN\administrators 4.0K May 20 10:15 scripts drwxrwx---+ 11 root BUILTIN\administrators 4.0K May 30 19:01 StarterGPOs Any idea? -- Elias Pereira
Rowland Penny
2017-Jun-07 17:36 UTC
[Samba] sysvolreset command result in "Undetermined error"
On Wed, 7 Jun 2017 14:16:31 -0300 Elias Pereira via samba <samba at lists.samba.org> wrote:> Hello, > > I deleted some GPOs via ADUC. After that I also deleted the folder > for each GPO. I do not know if that was correct to do! :( > > Now when I run the samba-tool command ntacl sysvolreset, the following > error occurs. > > root at DC1:~# samba-tool ntacl sysvolreset > *open: error=2 (No such file or directory)* > ERROR(runtime): uncaught exception - (-1073741823, 'Undetermined > error') File > "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line > 176, in _run return self.run(*args, **kwargs) > File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line > 239, in run > lp, use_ntvfs=use_ntvfs) > File > "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line > 1609, in setsysvolacl set_gpos_acl(sysvol, dnsdomain, domainsid, > domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb) > File > "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line > 1514, in set_gpos_acl passdb=passdb) > File > "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line > 1477, in set_dir_acl setntacl(lp, path, acl, domsid, > use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, > service=service) File > "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 128, in > setntacl smbd.set_nt_acl(file, security.SECINFO_OWNER > |security.SECINFO_GROUP | security.SECINFO_DACL | > security.SECINFO_SACL, sd2, service=service) >You still have the GPO objects in AD, you will need to find these and remove them. Rowland
Elias Pereira
2017-Jun-07 23:36 UTC
[Samba] sysvolreset command result in "Undetermined error"
Rowland, I solved this problem by removing old entries as you mentioned. Now the problem is that I lost access to my fileserver. I do not know why. If there is a problem with GPO. :( log: [2017/06/07 20:26:50.620631, 3] ../source3/smbd/oplock.c:1301(init_oplocks) init_oplocks: initializing messages. [2017/06/07 20:26:50.620835, 3] ../source3/smbd/process.c:1957(process_smb) Transaction 0 of length 137 (0 toread) [2017/06/07 20:26:50.620898, 3] ../source3/smbd/process.c:1538(switch_message) switch message SMBnegprot (pid 1488) conn 0x0 [2017/06/07 20:26:50.622602, 3] ../source3/smbd/negprot.c:603(reply_negprot) Requested protocol [PC NETWORK PROGRAM 1.0] [2017/06/07 20:26:50.622645, 3] ../source3/smbd/negprot.c:603(reply_negprot) Requested protocol [LANMAN1.0] [2017/06/07 20:26:50.622667, 3] ../source3/smbd/negprot.c:603(reply_negprot) Requested protocol [Windows for Workgroups 3.1a] [2017/06/07 20:26:50.622678, 3] ../source3/smbd/negprot.c:603(reply_negprot) Requested protocol [LM1.2X002] [2017/06/07 20:26:50.622691, 3] ../source3/smbd/negprot.c:603(reply_negprot) Requested protocol [LANMAN2.1] [2017/06/07 20:26:50.622712, 3] ../source3/smbd/negprot.c:603(reply_negprot) Requested protocol [NT LM 0.12] [2017/06/07 20:26:50.622822, 5] ../source3/auth/auth.c:477(make_auth_context_subsystem) Making default auth method list for server role = 'domain member' [2017/06/07 20:26:50.622854, 5] ../source3/auth/auth.c:48(smb_register_auth) Attempting to register auth backend trustdomain [2017/06/07 20:26:50.622915, 5] ../source3/auth/auth.c:60(smb_register_auth) Successfully added auth method 'trustdomain' [2017/06/07 20:26:50.622930, 5] ../source3/auth/auth.c:48(smb_register_auth) Attempting to register auth backend ntdomain [2017/06/07 20:26:50.622958, 5] ../source3/auth/auth.c:60(smb_register_auth) Successfully added auth method 'ntdomain' [2017/06/07 20:26:50.622970, 5] ../source3/auth/auth.c:48(smb_register_auth) Attempting to register auth backend guest [2017/06/07 20:26:50.622980, 5] ../source3/auth/auth.c:60(smb_register_auth) Successfully added auth method 'guest' [2017/06/07 20:26:50.622995, 5] ../source3/auth/auth.c:48(smb_register_auth) Attempting to register auth backend sam [2017/06/07 20:26:50.623004, 5] ../source3/auth/auth.c:60(smb_register_auth) Successfully added auth method 'sam' [2017/06/07 20:26:50.623026, 5] ../source3/auth/auth.c:48(smb_register_auth) Attempting to register auth backend sam_ignoredomain [2017/06/07 20:26:50.623056, 5] ../source3/auth/auth.c:60(smb_register_auth) Successfully added auth method 'sam_ignoredomain' [2017/06/07 20:26:50.623081, 5] ../source3/auth/auth.c:48(smb_register_auth) Attempting to register auth backend winbind [2017/06/07 20:26:50.623102, 5] ../source3/auth/auth.c:60(smb_register_auth) Successfully added auth method 'winbind' [2017/06/07 20:26:50.623110, 5] ../source3/auth/auth.c:48(smb_register_auth) Attempting to register auth backend unix [2017/06/07 20:26:50.623120, 5] ../source3/auth/auth.c:60(smb_register_auth) Successfully added auth method 'unix' [2017/06/07 20:26:50.623133, 5] ../source3/auth/auth.c:48(smb_register_auth) Attempting to register auth backend wbc [2017/06/07 20:26:50.623141, 5] ../source3/auth/auth.c:60(smb_register_auth) Successfully added auth method 'wbc' [2017/06/07 20:26:50.623151, 5] ../source3/auth/auth.c:378(load_auth_module) load_auth_module: Attempting to find an auth method to match guest [2017/06/07 20:26:50.623162, 5] ../source3/auth/auth.c:403(load_auth_module) load_auth_module: auth method guest has a valid init [2017/06/07 20:26:50.623187, 5] ../source3/auth/auth.c:378(load_auth_module) load_auth_module: Attempting to find an auth method to match sam [2017/06/07 20:26:50.623197, 5] ../source3/auth/auth.c:403(load_auth_module) load_auth_module: auth method sam has a valid init [2017/06/07 20:26:50.623207, 5] ../source3/auth/auth.c:378(load_auth_module) load_auth_module: Attempting to find an auth method to match winbind:ntdomain [2017/06/07 20:26:50.623216, 5] ../source3/auth/auth.c:378(load_auth_module) load_auth_module: Attempting to find an auth method to match ntdomain [2017/06/07 20:26:50.623227, 5] ../source3/auth/auth.c:403(load_auth_module) load_auth_module: auth method ntdomain has a valid init [2017/06/07 20:26:50.623247, 5] ../source3/auth/auth.c:403(load_auth_module) load_auth_module: auth method winbind has a valid init [2017/06/07 20:26:50.670223, 3] ../source3/smbd/negprot.c:394(reply_nt1) using SPNEGO [2017/06/07 20:26:50.670256, 3] ../source3/smbd/negprot.c:744(reply_negprot) Selected protocol NT LM 0.12 [2017/06/07 20:26:50.697366, 3] ../source3/smbd/process.c:1957(process_smb) Transaction 1 of length 1784 (0 toread) [2017/06/07 20:26:50.697399, 3] ../source3/smbd/process.c:1538(switch_message) switch message SMBsesssetupX (pid 1488) conn 0x0 [2017/06/07 20:26:50.697433, 3] ../source3/smbd/sesssetup.c:623(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2017/06/07 20:26:50.697466, 2] ../source3/smbd/sesssetup.c:563(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2017/06/07 20:26:50.697477, 3] ../source3/smbd/sesssetup.c:140(reply_sesssetup_and_X_spnego) Doing spnego session setup [2017/06/07 20:26:50.697493, 3] ../source3/smbd/sesssetup.c:181(reply_sesssetup_and_X_spnego) NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2017/06/07 20:26:50.697634, 5] ../source3/auth/auth.c:477(make_auth_context_subsystem) Making default auth method list for server role = 'domain member' [2017/06/07 20:26:50.697661, 5] ../source3/auth/auth.c:378(load_auth_module) load_auth_module: Attempting to find an auth method to match guest [2017/06/07 20:26:50.697672, 5] ../source3/auth/auth.c:403(load_auth_module) load_auth_module: auth method guest has a valid init [2017/06/07 20:26:50.697681, 5] ../source3/auth/auth.c:378(load_auth_module) load_auth_module: Attempting to find an auth method to match sam [2017/06/07 20:26:50.697693, 5] ../source3/auth/auth.c:403(load_auth_module) load_auth_module: auth method sam has a valid init [2017/06/07 20:26:50.697711, 5] ../source3/auth/auth.c:378(load_auth_module) load_auth_module: Attempting to find an auth method to match winbind:ntdomain [2017/06/07 20:26:50.697720, 5] ../source3/auth/auth.c:378(load_auth_module) load_auth_module: Attempting to find an auth method to match ntdomain [2017/06/07 20:26:50.697736, 5] ../source3/auth/auth.c:403(load_auth_module) load_auth_module: auth method ntdomain has a valid init [2017/06/07 20:26:50.697746, 5] ../source3/auth/auth.c:403(load_auth_module) load_auth_module: auth method winbind has a valid init [2017/06/07 20:26:50.743116, 1] ../source3/librpc/crypto/gse.c:646(gse_get_server_auth_token) gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/fileserver.addc.poa.ifrs.edu.br at ADDC.POA.IFRS.EDU.BR(kvno 2) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)] [2017/06/07 20:26:50.743154, 1] ../auth/gensec/spnego.c:569(gensec_spnego_parse_negTokenInit) SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE [2017/06/07 20:26:50.743211, 2] ../auth/gensec/spnego.c:768(gensec_spnego_server_negTokenTarg) SPNEGO login failed: NT_STATUS_LOGON_FAILURE [2017/06/07 20:26:50.743263, 3] ../source3/smbd/error.c:82(error_packet_set) NT error packet at ../source3/smbd/sesssetup.c(277) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2017/06/07 20:26:50.750510, 3] ../source3/smbd/server_exit.c:246(exit_server_common) Server exit (failed to receive smb request) On Wed, Jun 7, 2017 at 2:36 PM, Rowland Penny via samba < samba at lists.samba.org> wrote:> On Wed, 7 Jun 2017 14:16:31 -0300 > Elias Pereira via samba <samba at lists.samba.org> wrote: > > > Hello, > > > > I deleted some GPOs via ADUC. After that I also deleted the folder > > for each GPO. I do not know if that was correct to do! :( > > > > Now when I run the samba-tool command ntacl sysvolreset, the following > > error occurs. > > > > root at DC1:~# samba-tool ntacl sysvolreset > > *open: error=2 (No such file or directory)* > > ERROR(runtime): uncaught exception - (-1073741823, 'Undetermined > > error') File > > "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line > > 176, in _run return self.run(*args, **kwargs) > > File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line > > 239, in run > > lp, use_ntvfs=use_ntvfs) > > File > > "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line > > 1609, in setsysvolacl set_gpos_acl(sysvol, dnsdomain, domainsid, > > domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb) > > File > > "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line > > 1514, in set_gpos_acl passdb=passdb) > > File > > "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line > > 1477, in set_dir_acl setntacl(lp, path, acl, domsid, > > use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, > > service=service) File > > "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 128, in > > setntacl smbd.set_nt_acl(file, security.SECINFO_OWNER > > |security.SECINFO_GROUP | security.SECINFO_DACL | > > security.SECINFO_SACL, sd2, service=service) > > > > You still have the GPO objects in AD, you will need to find these and > remove them. > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- Elias Pereira
Maybe Matching Threads
- Samba 4.6.0 - Domain admin can't list nor access shares on file server
- vfs_shadow_copy2 woes / WITH logs
- sysvolreset command result in "Undetermined error"
- accessing foreign AD users to NT domain
- Request for credential for just one user on one specific machine when using FQDN