Kees van Vloten
2022-Jan-10 17:53 UTC
[Samba] Fwd: GPO incomplete / missing -> samba-tool crash
On 10-01-2022 18:32, Rowland Penny via samba wrote:> On Mon, 2022-01-10 at 18:23 +0100, Kees van Vloten via samba wrote: >> On 10-01-2022 18:10, Rowland Penny via samba wrote: >>> On Mon, 2022-01-10 at 18:04 +0100, Kees van Vloten via samba wrote: >>>> On 10-01-2022 17:59, David Mulder via samba wrote: >>>>> Check in adsi under CN=Policies,CN=System. You probably have >>>>> the >>>>> policy listed there in ldap still, which I assume needs to be >>>>> removed. >>>>> It'll be called CN={75991237-941B-47B9-AF67-853781EA44B3} >>>> Thanks David! >>>> >>>> I have no Windows machine at hand, will 'ldb*' do the same? >>> Yes it would, but if you have another DC and if it is still there, >>> you >>> could sync it back. >>> >>> Rowland >>> >>> >>> >> I have 2 DCs and it is gone on both. I guess the automatic sync did >> what >> it is supposed to do :-) . >> I am using the osync solution from wiki: >> https://wiki.samba.org/index.php/Bidirectional_Rsync/osync_based_SysVol_replication_workaround. >> >> Since I have the default policies only at the moment, I am a bit >> puzzled >> what happened, since there are still 2 policies on the filesystem >> but >> indeed 3 in LDAP in 'CN=Policies,CN=System,DC=samdom,DC=net'. >> >> Would there be any way to find a clue what the 3rd was? > Possibly, if it is using a standard GUID, but this unlikely. > > You are going to have to remove it from AD, not entirely sure how. > Do you have a backup you could obtain it from ? > > Rowland >Nope, there is not backup yet, as I am still busy setting up these systems. That implies that there is no serious harm done, it just should not have happened. I will try to remove the entries with ldbdel and then run the sysvolcheck and sysvolreset again. I do have a feature request: samba-tool does not react nicely on this situation. Either it crashes hard without a descent error message or (on delete) it tells me the policy does not exist (which is only partially true). Would be nice to have better error handling and in the case of the delete to just remove the remaining parts of the the policy. What would be the best way to address this? Create a bug? - Kees
dmulder at samba.org
2022-Jan-10 17:55 UTC
[Samba] Fwd: GPO incomplete / missing -> samba-tool crash
On 1/10/22 10:53 AM, Kees van Vloten via samba <samba at lists.samba.org> wrote:> > I do have a feature request: samba-tool does not react nicely on this > situation. Either it crashes hard without a descent error message or (on > delete) it tells me the policy does not exist (which is only partially > true). Would be nice to have better error handling and in the case of > the delete to just remove the remaining parts of the the policy. What > would be the best way to address this? Create a bug? > > - Kees >I'd say create a bug. I'm happy to work on it. - David