HI
"I am unsure, have you given all the AD groups a gidNumber ?" I don't
understand.....
After some minutes (1 or 2), I received this error:
samba-tool ntacl sysvolreset
...
...
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
idmap range not specified for domain '*'
set_nt_acl_conn: init_files_struct failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
ERROR(runtime): uncaught exception - (3221225524, 'The object name is not found.')
  File "/usr/local/samba/lib/python3.8/site-packages/samba/netcmd/__init__.py", line 186, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python3.8/site-packages/samba/netcmd/ntacl.py", line 412, in run
    provision.setsysvolacl(samdb, netlogon, sysvol,
  File "/usr/local/samba/lib/python3.8/site-packages/samba/provision/__init__.py", line 1754, in setsysvolacl
    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
  File "/usr/local/samba/lib/python3.8/site-packages/samba/provision/__init__.py", line 1641, in set_gpos_acl
    set_dir_acl(policy_path, dsacl2fsacl(acl, domainsid), lp,
  File "/usr/local/samba/lib/python3.8/site-packages/samba/provision/__init__.py", line 1604, in set_dir_acl
    setntacl(lp, path, acl, domsid, session_info, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service)
  File "/usr/local/samba/lib/python3.8/site-packages/samba/ntacls.py", line 230, in setntacl
    smbd.set_nt_acl(
----
More INFO(now):
DC 1
getfacl /usr/local/samba/var/locks/sysvol
getfacl: Removing leading '/' from absolute path names
# file: usr/local/samba/var/locks/sysvol
# owner: root
# group: BUILTIN\\administrators
user::rwx
user:root:rwx
user:BUILTIN\\administrators:rwx
user:BUILTIN\\server\040operators:r-x
user:NT\040AUTHORITY\\system:rwx
user:NT\040AUTHORITY\\authenticated\040users:r-x
group::rwx
group:BUILTIN\\administrators:rwx
group:BUILTIN\\server\040operators:r-x
group:NT\040AUTHORITY\\system:rwx
group:NT\040AUTHORITY\\authenticated\040users:r-x
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:BUILTIN\\administrators:rwx
default:user:BUILTIN\\server\040operators:r-x
default:user:NT\040AUTHORITY\\system:rwx
default:user:NT\040AUTHORITY\\authenticated\040users:r-x
default:group::---
default:group:BUILTIN\\administrators:rwx
default:group:BUILTIN\\server\040operators:r-x
default:group:NT\040AUTHORITY\\system:rwx
default:group:NT\040AUTHORITY\\authenticated\040users:r-x
default:mask::rwx
default:other::---
DC 2
getfacl /usr/local/samba/var/locks/sysvol
getfacl: Removing leading '/' from absolute path names
# file: usr/local/samba/var/locks/sysvol
# owner: root
# group: BUILTIN\\administrators
user::rwx
user:root:rwx
user:BUILTIN\\administrators:rwx
user:BUILTIN\\server\040operators:r-x
user:NT\040AUTHORITY\\system:rwx
user:NT\040AUTHORITY\\authenticated\040users:r-x
group::rwx
group:BUILTIN\\administrators:rwx
group:BUILTIN\\server\040operators:r-x
group:NT\040AUTHORITY\\system:rwx
group:NT\040AUTHORITY\\authenticated\040users:r-x
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:BUILTIN\\administrators:rwx
default:user:BUILTIN\\server\040operators:r-x
default:user:NT\040AUTHORITY\\system:rwx
default:user:NT\040AUTHORITY\\authenticated\040users:r-x
default:group::---
default:group:BUILTIN\\administrators:rwx
default:group:BUILTIN\\server\040operators:r-x
default:group:NT\040AUTHORITY\\system:rwx
default:group:NT\040AUTHORITY\\authenticated\040users:r-x
default:mask::rwx
default:other::---
------
GPO with error now:
DC1
getfacl /usr/local/samba/var/locks/sysvol/xxxx.xxxx.com.br/Policies/\{149AD731-C29D-41E7-B1D4-1DECA7DBED58\}/GPT.INI
getfacl: Removing leading '/' from absolute path names
# file: usr/local/samba/var/locks/sysvol/xxxx.xxxx.com.br/Policies/{149AD731-C29D-41E7-B1D4-1DECA7DBED58}/GPT.INI
# owner: BUILTIN\\administrators
# group: users
user::rwx
user:NT\040AUTHORITY\\system:rwx
user:XXXX\\enterprise\040admins:rwx
user:XXXX\\domain\040admins:rwx
user:NT\040AUTHORITY\\enterprise\040domain\040controllers:r-x
user:XXXX\\domain\040computers:r-x
user:XXXX\\mercado_xxxx:r-x
group::---
group:users:---
group:BUILTIN\\administrators:rwx
group:NT\040AUTHORITY\\system:rwx
group:XXXX\\enterprise\040admins:rwx
group:XXXX\\domain\040admins:rwx
group:NT\040AUTHORITY\\enterprise\040domain\040controllers:r-x
group:XXXX\\domain\040computers:r-x
group:XXXX\\mercado_xxxx:r-x
mask::rwx
other::---
DC 2
getfacl /usr/local/samba/var/locks/sysvol/xxxx.xxxx.com.br/Policies/\{149AD731-C29D-41E7-B1D4-1DECA7DBED58\}/GPT.INI
getfacl: Removing leading '/' from absolute path names
# file: usr/local/samba/var/locks/sysvol/xxxx.xxxx.com.br/Policies/{149AD731-C29D-41E7-B1D4-1DECA7DBED58}/GPT.INI
# owner: BUILTIN\\administrators
# group: users
user::rwx
user:NT\040AUTHORITY\\system:rwx
user:XXXX\\enterprise\040admins:rwx
user:XXXX\\domain\040admins:rwx
user:NT\040AUTHORITY\\enterprise\040domain\040controllers:r-x
user:XXXX\\domain\040computers:r-x
user:XXXX\\mercado_xxxx:r-x
group::---
group:users:---
group:BUILTIN\\administrators:rwx
group:NT\040AUTHORITY\\system:rwx
group:XXXX\\enterprise\040admins:rwx
group:XXXX\\domain\040admins:rwx
group:NT\040AUTHORITY\\enterprise\040domain\040controllers:r-x
group:XXXX\\domain\040computers:r-x
group:XXXX\\mercado_xxxx:r-x
mask::rwx
other::---
----
DC1
getent passwd Administrator
XXXX\administrator:*:0:100::/home/XXXX/administrator:/bin/false
DC2
getent passwd Administrator
XXXX\administrator:*:0:100::/home/XXXX/administrator:/bin/false
Regards;
On 25/05/2021 09:44, Rowland penny via samba wrote:
> On 25/05/2021 13:16, Carlos via samba wrote:
>> HI!
>>
>> Good morning Louis :-D
>>
>> In Samba ADDC I did not configure (I understood that I didn't need)
>> the nsswitch part, but I did it now in DC 1 and DC2, it seems to me
>> that it solved, even before the ids being the same in DC1 and DC2,
>> now it remains the same with names, but gpupdate no longer gave an
>> error and successfully loaded the policy \o/
>>
>> But the samba-tool ntacl sysvolreset gave a different error, it was
>> in a loop with this message "idmap range not specified for domain
>> '*'", but in smb.conf of an ADDC the idmap is not configured as I
>> remember, at least I never did it and I didn't even see it in the
>> documentation.
>>
>> Is something else wrong now?
>
>
> Yes and no ?
>
> You are getting that message because of a bug, you cannot use 'idmap
> config' lines in a DC smb.conf, but there is a default line and that
> is being picked up. You could normally ignore the error, but why
> sysvolreset is looping around the error, I am unsure, have you given
> all the AD groups a gidNumber ?
>
> Rowland
>
>
>