Rick Hollinbeck
2025-Mar-26 15:13 UTC
[Samba] Missing Policies folder in AD and /var/lib/samba/sysvol
Rowland and Michael...
Thanks for the help - it sounds like I should be close to getting this
working.
More troubleshooting...
Here is what my test Samba AD has after being freshly provisioned:
[drwxr-xr-x root???? root??? ]
/var/lib/samba/sysvol/sambatest327.com/Policies
??? [drwxr-xr-x root???? root??? ] {31B2F340-016D-11D2-945F-00C04FB984F9}
??? ??? [-rwxrwx--- root???? 3000000 ]? GPT.INI
??? ??? [drwxr-xr-x root???? root??? ]? MACHINE
??? ??? [drwxr-xr-x root???? 3000000 ]? USER
??? [drwxr-xr-x root???? root??? ] {6AC1786C-016F-11D2-945F-00C04FB984F9}
??? ??? [-rw-r--r-- root???? root??? ]? GPT.INI
??? ??? [drwxr-xr-x root???? root??? ]? MACHINE
??? ??? [drwxr-xr-x root???? root??? ]? USER
Here is what my broken Samba 4.17.12 has:
[drwxr-xr-x root???? root??? ]
/var/lib/samba/sysvol/samdom.example.com/Policies
??? [drwxrwx--- root???? BUILTIN\administrators]
{31B2F340-016D-11D2-945F-00C04FB984F9}
??? ??? [-rwxrwx--- root???? BUILTIN\administrators]? GPT.INI
??? ??? [drwxrwx--- root???? BUILTIN\administrators]? MACHINE
??? ??? [drwxrwx--- root???? BUILTIN\administrators]? USER
??? [drwxrwx--- root???? BUILTIN\administrators]
{6AC1786C-016F-11D2-945F-00C04FB984F9}
??? ??? [-rwxrwx--- root???? BUILTIN\administrators]? GPT.INI
??? ??? [drwxrwx--- root???? BUILTIN\administrators]? MACHINE
??? ??? [drwxrwx--- root???? BUILTIN\administrators]? USER
So... just a slight difference in the group ownership.
Here is the final part of an strace on the sysvolreset attempt:
....
read(17, "????????? policyguid=policyguid,"..., 8192) = 8192
read(17, "session_unix()\n??? fsacl = getnt"..., 8192) = 8192
read(17, "values for the krbtgt keys\n???? "..., 8192) = 8192
read(17, " up IPv6 addresses\")\n??????? hos"..., 8192) = 8192
read(17, "rid=next_rid, dc_rid=dc_rid, adm"..., 8192) = 5075
read(17, "", 8192)????????????????????? = 0
close(17)?????????????????????????????? = 0
newfstatat(AT_FDCWD, "/usr/lib/python3/dist-packages/samba/ntacls.py",
{st_mode=S_IFREG|0644, st_size=24047, ...}, 0) = 0
openat(AT_FDCWD, "/usr/lib/python3/dist-packages/samba/ntacls.py",
O_RDONLY|O_CLOEXEC) = 17
newfstatat(17, "", {st_mode=S_IFREG|0644, st_size=24047, ...},
AT_EMPTY_PATH) = 0
ioctl(17, TCGETS, 0x7fdf40b8e0)???????? = -1 ENOTTY (Inappropriate ioctl
for device)
lseek(17, 0, SEEK_CUR)????????????????? = 0
read(17, "# Unix SMB/CIFS implementation.\n"..., 4096) = 4096
read(17, "\n??????? ntacl = ndr_unpack(xatt"..., 8192) = 8192
read(17, "n fdescr\n\n??? return fdescr.as_s"..., 8192) = 8192
read(17, "nfo, as_sddl=True)\n??????????? _"..., 8192) = 3567
read(17, "", 8192)????????????????????? = 0
close(17)?????????????????????????????? = 0
newfstatat(AT_FDCWD, "/usr/bin", {st_mode=S_IFDIR|0755, st_size=45056,
...}, 0) = 0
newfstatat(AT_FDCWD, "/usr/lib/python3.11", {st_mode=S_IFDIR|0755,
st_size=20480, ...}, 0) = 0
newfstatat(AT_FDCWD, "/usr/lib/python3.11/ast.py",
{st_mode=S_IFREG|0644, st_size=60667, ...}, 0) = 0
newfstatat(AT_FDCWD, "/usr/lib/python3.11/ast.py",
{st_mode=S_IFREG|0644, st_size=60667, ...}, 0) = 0
openat(AT_FDCWD,
"/usr/lib/python3.11/__pycache__/ast.cpython-311.pyc",
O_RDONLY|O_CLOEXEC) = 17
newfstatat(17, "", {st_mode=S_IFREG|0644, st_size=108974, ...},
AT_EMPTY_PATH) = 0
ioctl(17, TCGETS, 0x7fdf40b550)???????? = -1 ENOTTY (Inappropriate ioctl
for device)
lseek(17, 0, SEEK_CUR)????????????????? = 0
lseek(17, 0, SEEK_CUR)????????????????? = 0
newfstatat(17, "", {st_mode=S_IFREG|0644, st_size=108974, ...},
AT_EMPTY_PATH) = 0
read(17,
"\247\r\r\n\0\0\0\0*\202Kg\373\354\0\0\343\0\0\0\0\0\0\0\0\0\0\0\0\21\0\0"...,
108975) = 108974
read(17, "", 1)???????????????????????? = 0
close(17)?????????????????????????????? = 0
mmap(NULL, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x7f9dff9000
write(2, "? File \"/usr/lib/python3/dist-pa"..., 158? File
"/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 185,
in _run
??? return self.run(*args, **kwargs)
?...
rest of traceback as before...
It's hard for me to tell how much of this strace is related to output of
the traceback itself after failing.
I'm still stumped here.
Rowland Penny
2025-Mar-26 16:48 UTC
[Samba] Missing Policies folder in AD and /var/lib/samba/sysvol
On Wed, 26 Mar 2025 09:13:09 -0600 Rick Hollinbeck via samba <samba at lists.samba.org> wrote:> Rowland and Michael... > > Thanks for the help - it sounds like I should be close to getting > this working. > > More troubleshooting... > > Here is what my test Samba AD has after being freshly provisioned: > > [drwxr-xr-x root???? root??? ] > /var/lib/samba/sysvol/sambatest327.com/Policies > > ??? [drwxr-xr-x root???? root??? ] > {31B2F340-016D-11D2-945F-00C04FB984F9} ??? ??? [-rwxrwx--- root > 3000000 ]? GPT.INI ??? ??? [drwxr-xr-x root???? root??? ]? MACHINE > ??? ??? [drwxr-xr-x root???? 3000000 ]? USER > ??? [drwxr-xr-x root???? root??? ] > {6AC1786C-016F-11D2-945F-00C04FB984F9} ??? [-rw-r--r-- root???? root > ? ]? GPT.INI ??? [drwxr-xr-x root???? root??? ]? MACHINE > ??? ??? [drwxr-xr-x root???? root??? ]? USER > > Here is what my broken Samba 4.17.12 has: > > [drwxr-xr-x root???? root??? ] > /var/lib/samba/sysvol/samdom.example.com/Policies > > ??? [drwxrwx--- root???? BUILTIN\administrators] > {31B2F340-016D-11D2-945F-00C04FB984F9} > ??? ??? [-rwxrwx--- root???? BUILTIN\administrators]? GPT.INI > ??? ??? [drwxrwx--- root???? BUILTIN\administrators]? MACHINE > ??? ??? [drwxrwx--- root???? BUILTIN\administrators]? USER > ??? [drwxrwx--- root???? BUILTIN\administrators] > {6AC1786C-016F-11D2-945F-00C04FB984F9} > ??? ??? [-rwxrwx--- root???? BUILTIN\administrators]? GPT.INI > ??? ??? [drwxrwx--- root???? BUILTIN\administrators]? MACHINE > ??? ??? [drwxrwx--- root???? BUILTIN\administrators]? USER > > So... just a slight difference in the group ownership.Possibly not, have you installed the winbind nss links, the 3000000 ID suggests you haven't and that is probably the xidNumber for BUILTIN\administrators. Anyway this is what my sysvol is set to after running sysvolreset (yes, it does work ;-) ) [drwxrwx--- root BUILTIN\administrators] /var/lib/samba/sysvol | [drwxrwx--- root BUILTIN\administrators] samdom.example.com | [drwxrwx--- root BUILTIN\administrators] Policies | | | [drwxrwx--- SAMDOM\domain admins SAMDOM\domain admins] {31B2F340-016D-11D2-945F-00C04FB984F9} | | | | | [-rwxrwx--- SAMDOM\domain admins SAMDOM\domain admins] GPT.INI | | [drwxrwx--- SAMDOM\domain admins SAMDOM\domain admins] MACHINE | | [drwxrwx--- SAMDOM\domain admins SAMDOM\domain admins] USER | | | [drwxrwx--- SAMDOM\domain admins SAMDOM\domain admins] {6AC1786C-016F-11D2-945F-00C04FB984F9} | | | [-rwxrwx--- SAMDOM\domain admins SAMDOM\domain admins] GPT.INI | [drwxrwx--- SAMDOM\domain admins SAMDOM\domain admins] MACHINE | [drwxrwx--- SAMDOM\domain admins SAMDOM\domain admins] USER | [drwxrwx--- root BUILTIN\administrators] scripts Rowland
Possibly Parallel Threads
- Missing Policies folder in AD and /var/lib/samba/sysvol
- Experiment on how to improve our temporary file handing.
- missing msdfs referrals from samba directory listing: wrong order in smbd_dirptr_get_entry()?
- [klibc:master] syscalls: Add syscalls needed by arm64
- [PATCH 2/3] syscalls: Add syscalls needed by arm64