Rowland Penny
2022-Aug-22 12:03 UTC
[Samba] ERROR(runtime): uncaught exception - (3221225524, 'The object name is not found.')
On Mon, 2022-08-22 at 23:09 +1200, Michael Doerner | TechnologyWise via samba wrote:> Hi Louis > > thank you for the input. I will run that script tomorrow and will try > to > understand the output/results. > > Sorry for missing info about OS. This is a Samba Docker container > (from > Ubuntu sources) running on a Debian 9 (Stretch) Docker host. > > /etc/resolv.conf looks OK (compared with our own Samba instance which > is > actually an up to date version 4.15.9)It might be a permissions problem, but I doubt it, mainly because you have already done what the script does with 'samba-tool gpo aclcheck' Samba stores the GPO's in AD and mainly in Sysvol, 'samba-tool gpo aclcheck' iterates over the GPO data in AD and checks every GPO in Sysvol, it seems to be failing at 'share_pool' because it cannot be found. Rowland
Michael Doerner | TechnologyWise
2022-Aug-22 19:48 UTC
[Samba] ERROR(runtime): uncaught exception - (3221225524, 'The object name is not found.')
On 23/08/22 00:03, Rowland Penny via samba wrote:> On Mon, 2022-08-22 at 23:09 +1200, Michael Doerner | TechnologyWise via > samba wrote: >> Hi Louis >> >> thank you for the input. I will run that script tomorrow and will try >> to >> understand the output/results. >> >> Sorry for missing info about OS. This is a Samba Docker container >> (from >> Ubuntu sources) running on a Debian 9 (Stretch) Docker host. >> >> /etc/resolv.conf looks OK (compared with our own Samba instance which >> is >> actually an up to date version 4.15.9) > It might be a permissions problem, but I doubt it, mainly because you > have already done what the script does with 'samba-tool gpo aclcheck' > > Samba stores the GPO's in AD and mainly in Sysvol, 'samba-tool gpo > aclcheck' iterates over the GPO data in AD and checks every GPO in > Sysvol, it seems to be failing at 'share_pool' because it cannot be > found. > > RowlandThank you Rowland. The script output looks OK to me (as further below) and the 'share_pool' definitions are below. I will continue and hope to find a solution (and report back here). Michael from smb.conf: ... [sysvol] ??????? path = /var/lib/samba/sysvol ??????? read only = No [usr_profiles] ??????? path = /data/usr_profiles ??????? read only = no .. [share_pool] ??????? path = /data/share_pool ??????? read only = no root at dmh002sv:/# ls -la /data/ total 624 drwxr-xr-x?? 9 root root???????????????????? 4096 Aug 23 07:32 . drwxr-xr-x?? 1 root root???????????????????? 4096 Aug 23 07:33 .. .. drwxrwxr-t? 13 root DOMAINX\domain admins?? 4096 Jul 21 16:08 share_pool drwxrwxr-t+ 86 root DOMAINX\domain admins?? 4096 Jun 29 10:00 usr_homes drwxrwxr-t+ 84 root root???????????????????? 4096 Jun 29 09:59 usr_profiles drwxrwxr-t+? 2 root root???????????????????? 4096 Jun 28 10:15 vpn_certs root at dmh002sv:/# /data/samba-check-set-sysvol.sh INFO 2022-08-23 07:33:08,977 pid:31195 /usr/lib/python3/dist-packages/samba/netcmd/testparm.py #96: Loaded smb config files from /etc/samba/smb.conf INFO 2022-08-23 07:33:08,977 pid:31195 /usr/lib/python3/dist-packages/samba/netcmd/testparm.py #97: Loaded services file OK. Review the file : default-rights-sysvol.acl, these contains the defaults for sysvol. The sysvol ACLS info..... Please check your share rights for sysvol from within windows. If these are incorrect, correct them and run this script again. Set your sysvol SHARE permissions as followed. EVERYONE: READ Authenticated Users: FULL CONTROL (BUILTIN or NTDOM)\Administrators: FULL CONTROL (BUILTIN or NTDOM)\SYSTEM, FULL CONTROL User/Group system is added compaired to a win2008R2 sysvol, you need this for some GPO settings. Set your sysvol FOLDER permissions as followed. Authenticated Users: Read & Exec, Show folder content, Read (BUILTIN or NTDOM)\Administrators: FULL CONTROL (BUILTIN or NTDOM)\SYSTEM, FULL CONTROL