Rick Hollinbeck
2025-Mar-26 15:13 UTC
[Samba] Missing Policies folder in AD and /var/lib/samba/sysvol
Rowland and Michael... Thanks for the help - it sounds like I should be close to getting this working. More troubleshooting... Here is what my test Samba AD has after being freshly provisioned: [drwxr-xr-x root???? root??? ] /var/lib/samba/sysvol/sambatest327.com/Policies ??? [drwxr-xr-x root???? root??? ] {31B2F340-016D-11D2-945F-00C04FB984F9} ??? ??? [-rwxrwx--- root???? 3000000 ]? GPT.INI ??? ??? [drwxr-xr-x root???? root??? ]? MACHINE ??? ??? [drwxr-xr-x root???? 3000000 ]? USER ??? [drwxr-xr-x root???? root??? ] {6AC1786C-016F-11D2-945F-00C04FB984F9} ??? ??? [-rw-r--r-- root???? root??? ]? GPT.INI ??? ??? [drwxr-xr-x root???? root??? ]? MACHINE ??? ??? [drwxr-xr-x root???? root??? ]? USER Here is what my broken Samba 4.17.12 has: [drwxr-xr-x root???? root??? ] /var/lib/samba/sysvol/samdom.example.com/Policies ??? [drwxrwx--- root???? BUILTIN\administrators] {31B2F340-016D-11D2-945F-00C04FB984F9} ??? ??? [-rwxrwx--- root???? BUILTIN\administrators]? GPT.INI ??? ??? [drwxrwx--- root???? BUILTIN\administrators]? MACHINE ??? ??? [drwxrwx--- root???? BUILTIN\administrators]? USER ??? [drwxrwx--- root???? BUILTIN\administrators] {6AC1786C-016F-11D2-945F-00C04FB984F9} ??? ??? [-rwxrwx--- root???? BUILTIN\administrators]? GPT.INI ??? ??? [drwxrwx--- root???? BUILTIN\administrators]? MACHINE ??? ??? [drwxrwx--- root???? BUILTIN\administrators]? USER So... just a slight difference in the group ownership. Here is the final part of an strace on the sysvolreset attempt: .... read(17, "????????? policyguid=policyguid,"..., 8192) = 8192 read(17, "session_unix()\n??? fsacl = getnt"..., 8192) = 8192 read(17, "values for the krbtgt keys\n???? "..., 8192) = 8192 read(17, " up IPv6 addresses\")\n??????? hos"..., 8192) = 8192 read(17, "rid=next_rid, dc_rid=dc_rid, adm"..., 8192) = 5075 read(17, "", 8192)????????????????????? = 0 close(17)?????????????????????????????? = 0 newfstatat(AT_FDCWD, "/usr/lib/python3/dist-packages/samba/ntacls.py", {st_mode=S_IFREG|0644, st_size=24047, ...}, 0) = 0 openat(AT_FDCWD, "/usr/lib/python3/dist-packages/samba/ntacls.py", O_RDONLY|O_CLOEXEC) = 17 newfstatat(17, "", {st_mode=S_IFREG|0644, st_size=24047, ...}, AT_EMPTY_PATH) = 0 ioctl(17, TCGETS, 0x7fdf40b8e0)???????? = -1 ENOTTY (Inappropriate ioctl for device) lseek(17, 0, SEEK_CUR)????????????????? = 0 read(17, "# Unix SMB/CIFS implementation.\n"..., 4096) = 4096 read(17, "\n??????? ntacl = ndr_unpack(xatt"..., 8192) = 8192 read(17, "n fdescr\n\n??? return fdescr.as_s"..., 8192) = 8192 read(17, "nfo, as_sddl=True)\n??????????? _"..., 8192) = 3567 read(17, "", 8192)????????????????????? = 0 close(17)?????????????????????????????? = 0 newfstatat(AT_FDCWD, "/usr/bin", {st_mode=S_IFDIR|0755, st_size=45056, ...}, 0) = 0 newfstatat(AT_FDCWD, "/usr/lib/python3.11", {st_mode=S_IFDIR|0755, st_size=20480, ...}, 0) = 0 newfstatat(AT_FDCWD, "/usr/lib/python3.11/ast.py", {st_mode=S_IFREG|0644, st_size=60667, ...}, 0) = 0 newfstatat(AT_FDCWD, "/usr/lib/python3.11/ast.py", {st_mode=S_IFREG|0644, st_size=60667, ...}, 0) = 0 openat(AT_FDCWD, "/usr/lib/python3.11/__pycache__/ast.cpython-311.pyc", O_RDONLY|O_CLOEXEC) = 17 newfstatat(17, "", {st_mode=S_IFREG|0644, st_size=108974, ...}, AT_EMPTY_PATH) = 0 ioctl(17, TCGETS, 0x7fdf40b550)???????? = -1 ENOTTY (Inappropriate ioctl for device) lseek(17, 0, SEEK_CUR)????????????????? = 0 lseek(17, 0, SEEK_CUR)????????????????? = 0 newfstatat(17, "", {st_mode=S_IFREG|0644, st_size=108974, ...}, AT_EMPTY_PATH) = 0 read(17, "\247\r\r\n\0\0\0\0*\202Kg\373\354\0\0\343\0\0\0\0\0\0\0\0\0\0\0\0\21\0\0"..., 108975) = 108974 read(17, "", 1)???????????????????????? = 0 close(17)?????????????????????????????? = 0 mmap(NULL, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9dff9000 write(2, "? File \"/usr/lib/python3/dist-pa"..., 158? File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 185, in _run ??? return self.run(*args, **kwargs) ?... rest of traceback as before... It's hard for me to tell how much of this strace is related to output of the traceback itself after failing. I'm still stumped here.
Rowland Penny
2025-Mar-26 16:48 UTC
[Samba] Missing Policies folder in AD and /var/lib/samba/sysvol
On Wed, 26 Mar 2025 09:13:09 -0600 Rick Hollinbeck via samba <samba at lists.samba.org> wrote:> Rowland and Michael... > > Thanks for the help - it sounds like I should be close to getting > this working. > > More troubleshooting... > > Here is what my test Samba AD has after being freshly provisioned: > > [drwxr-xr-x root???? root??? ] > /var/lib/samba/sysvol/sambatest327.com/Policies > > ??? [drwxr-xr-x root???? root??? ] > {31B2F340-016D-11D2-945F-00C04FB984F9} ??? ??? [-rwxrwx--- root > 3000000 ]? GPT.INI ??? ??? [drwxr-xr-x root???? root??? ]? MACHINE > ??? ??? [drwxr-xr-x root???? 3000000 ]? USER > ??? [drwxr-xr-x root???? root??? ] > {6AC1786C-016F-11D2-945F-00C04FB984F9} ??? [-rw-r--r-- root???? root > ? ]? GPT.INI ??? [drwxr-xr-x root???? root??? ]? MACHINE > ??? ??? [drwxr-xr-x root???? root??? ]? USER > > Here is what my broken Samba 4.17.12 has: > > [drwxr-xr-x root???? root??? ] > /var/lib/samba/sysvol/samdom.example.com/Policies > > ??? [drwxrwx--- root???? BUILTIN\administrators] > {31B2F340-016D-11D2-945F-00C04FB984F9} > ??? ??? [-rwxrwx--- root???? BUILTIN\administrators]? GPT.INI > ??? ??? [drwxrwx--- root???? BUILTIN\administrators]? MACHINE > ??? ??? [drwxrwx--- root???? BUILTIN\administrators]? USER > ??? [drwxrwx--- root???? BUILTIN\administrators] > {6AC1786C-016F-11D2-945F-00C04FB984F9} > ??? ??? [-rwxrwx--- root???? BUILTIN\administrators]? GPT.INI > ??? ??? [drwxrwx--- root???? BUILTIN\administrators]? MACHINE > ??? ??? [drwxrwx--- root???? BUILTIN\administrators]? USER > > So... just a slight difference in the group ownership.Possibly not, have you installed the winbind nss links, the 3000000 ID suggests you haven't and that is probably the xidNumber for BUILTIN\administrators. Anyway this is what my sysvol is set to after running sysvolreset (yes, it does work ;-) ) [drwxrwx--- root BUILTIN\administrators] /var/lib/samba/sysvol | [drwxrwx--- root BUILTIN\administrators] samdom.example.com | [drwxrwx--- root BUILTIN\administrators] Policies | | | [drwxrwx--- SAMDOM\domain admins SAMDOM\domain admins] {31B2F340-016D-11D2-945F-00C04FB984F9} | | | | | [-rwxrwx--- SAMDOM\domain admins SAMDOM\domain admins] GPT.INI | | [drwxrwx--- SAMDOM\domain admins SAMDOM\domain admins] MACHINE | | [drwxrwx--- SAMDOM\domain admins SAMDOM\domain admins] USER | | | [drwxrwx--- SAMDOM\domain admins SAMDOM\domain admins] {6AC1786C-016F-11D2-945F-00C04FB984F9} | | | [-rwxrwx--- SAMDOM\domain admins SAMDOM\domain admins] GPT.INI | [drwxrwx--- SAMDOM\domain admins SAMDOM\domain admins] MACHINE | [drwxrwx--- SAMDOM\domain admins SAMDOM\domain admins] USER | [drwxrwx--- root BUILTIN\administrators] scripts Rowland
Possibly Parallel Threads
- Missing Policies folder in AD and /var/lib/samba/sysvol
- Experiment on how to improve our temporary file handing.
- missing msdfs referrals from samba directory listing: wrong order in smbd_dirptr_get_entry()?
- [klibc:master] syscalls: Add syscalls needed by arm64
- [PATCH 2/3] syscalls: Add syscalls needed by arm64