search for: 0x001200a9

...t any problem I might not be seeing yet. ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /var/lib/samba/sysvol/samdom.com/Policies/{725C8FA6-3CC1-4A37-9C70-4DE6C4793F53} O:DAG:DAD:PAI(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;S-1-5-21-2172607237-3276034063-696894390-1039)(A;OICI;0x001200a9;;;S-1-5-21-2172607237-3276034063-696894390-1054)(A;OICI;0x001200a9;;;S-1-5-21-2172607237-3276034063-696894390-1152)(A;OICI;0x001200a9;;;S-1-5-21-2172607237-3276034063-696894390-1305)(A...

...lem I might not be seeing yet. > > ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /var/lib/samba/sysvol/samdom.com/Policies/{725C8FA6-3CC1-4A37-9C70-4DE6C4793F53} O:DAG:DAD:PAI(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;S-1-5-21-2172607237-3276034063-696894390-1039)(A;OICI;0x001200a9;;;S-1-5-21-2172607237-3276034063-696894390-1054)(A;OICI;0x001200a9;;;S-1-5-21-2172607237-3276034063-696894390-1152)(A;OICI;0x001200a9;;;S-1-5-21-2172607237-3276034063-696894390-1305)(A...

...been modified since then. The persistent error is this one (I separated the lines for easier reading): ProvisioningError: DB ACL on GPO directory (...) O:LAG:DAD:PAR(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;ED)(A;OICI;0x001200a9;;;DU)(A;OICI;0x001200a9;;;DC)(A;OICI;0x001200a9;;;AU) does not match expected value O:DAG:DAD:PAR(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;ED)(A;OICI;0x001200a9;;;DU)(A;OIC...

...0003:r-x and default:user:3000001:r-x default:user:3000002:rwx default:user:3000003:r-x Otherwise they are identical. > You can also see the extended ACL's with: > samba-tool ntacl get /usr/local/samba/var/locks/sysvol --as-sddl Working domain: O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU) Non-working domain: O:LAG:DAD:(A;OICI;0x001f01ff;;;LA)(A;OICI;0x001200a9;;;SA)(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;S-1-5-21-546846319-217595157-9522986-572)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001200a9;;;SA)(A;OICI;...

Hai, ? im running samba 4.2.2 sernet on debian. ? when i run : samba-tool gpo aclcheck -UAdministrator ? im getting : ERROR: Invalid GPO ACL O:DAG:DAD:PAI(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) and it tells me it should be O:DAG:DAD:P? (A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) ? the only difference : O:DAG:DAD:PAI?? <> ?O:DAG...

...<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on sysvol directory /usr/local/samba/var/locks/sysvol/domain.local O:LAG:BAD:AI(A;OICIID;0x001f01ff;;;LA)(A;OICIIOID;0x001f01ff;;;CO)(A;ID;0x00100000;;;BA)(A;OICIIOID;0x00100000;;;CG)(A;OICIID;0x001200a9;;;AU)(A;OICIID;0x001f01ff;;;SY)(A;OICIID;0x001200a9;;;SO)(A;OICIID;0x00100000;;;WD)(A;OICIID;0x001f01ff;;;BA) does not match expected value O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU) from provision File "/usr/local/samba/lib/py...

...ception - ProvisioningError: DB ACL on GPO directory /vol/samba/shares/sysvol/internal.stmaryscollege.co.uk/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} O:LAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object File "/usr/lib64/python2.7/sit...

...t;): uncaught exception - ProvisioningError: DB ACL on GPO directory /var/lib/samba/sysvol/ kl01.amtb-m.org.my/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9} O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object File "/usr/lib64/python2.7/site-pa...

...ask::rwx default:other::--- If I run wbinfo to convert the gid's to names the two getfacl lists are essentially the same. When I run samba-tool gpo aclcheck -Uadministrator, I get: Password for [MICROLYNX\administrator]: ERROR: Invalid GPO ACL O:LAG:S-1-22-2-0D:(A;OICI;0x001f01ff;;;LA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001f01ff ;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001f01ff;;;BA)(A;OICI;;;;WD)(A;;0x001f01ff;; ;S-1-22-2-0)(A;;0x001f01ff;;;LA)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;;;;CG) on path (microlynx....

...cp.DOMAIN.LOCAL<0x0> resolve_lmhosts: Attempting lmhosts lookup for name srv14.domain.local<0x20> Password for [DOMAIN\Administrator]: resolve_lmhosts: Attempting lmhosts lookup for name srv14.domain.local<0x20> ERROR: Invalid GPO ACL O:BAG:SYD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001200a9;;;AU)(A;OICI;;;;WD)(A;;0x001f01ff;;;SY)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;;;;CG) on path (domain.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}), s...

...sn't work. So I have checked GPO ACL with 'gpo aclcheck' command, and this is the return : got OID=1.2.840.48018.1.2.2 ERROR: Invalid GPO ACL O:DAG:DAD:PAI(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) on path (domain.com\Policies\{20F5D1E9-30B5-49F6-904C-8B41299AA2ED}), should be O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) ...

...ntacl sysvolcheck command I get: root at tiger-db:~# samba-tool ntacl sysvolcheck ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on sysvol directory /var/lib/samba/sysvol/microlynx.org O:LAG:BAD:AI(A;OICIID;0x001f01ff;;;BA)(A;OICIID;0x001200a9;;;SO)(A;OICIID;0x001f01ff;;;SY)(A;OICIID;0x001200a9;;;AU) does not match expected value O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU) from provision File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in...

...irectory Then they should be, if all else fails, you could create a 'root preexec' script. > >An extended attribute stored in Security.NTACL e.g. > Here is my output command: > samba-tool ntacl get /var/lib/samba/sysvol --as-sddl > O:LAG:S-1-22-2-0D:(A;;0x001f01ff;;;LA)(A;;0x001200a9;;;S-1-22-2-0)(A;;0x001200a9;;;WD)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;0x001200a9;;;CG)(A;OICIIO;0x001200a9;; > ;WD) > > > Sorry, I accessed the links, read the content and found it very > complicated. I confess that I understood practically nothing. Yes it is a bit daunting, so lets...

For completeness: The existing GPO: # samba-tool ntacl get --as-sddl \{07AF723D-5FFD-4807-B3C6-DFCE911B922A\}/ O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) The newly created GPO: # samba-tool ntacl get --as-sddl \{0C0B713E-EE65-4ACE-88AE-25125E2AAE00\}/ O:DAG:DAD:PAI(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x0...

...including security.NTACL. It is simply not there at the share's top level. It is there for the subdirectories. getfattr -n security.NTACL -d /the/top/directory says /the/top/directory: security.NTACL: No such attribute samba-tool ntacl returns O:S-1-22-1-0G:DUD:(A;;0x001f01ff;;;S-1-22-1-0)(A;;0x001200a9;;;DU)(A;;;;;WD)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;0x001200a9;;;CG)(A;OICIIO;0x001200a9;;;WD) which is probably what I see in the Windows security tab. But what is this derived from? Peter

...: uncaught exception - ProvisioningError: DB ACL on GPO directory /usr/local/samba/var/locks/sysvol/domain.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object File "/usr/local/samba/lib/python2...

...rovisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO file /usr/local/samba/var/locks/sysvol/tdsfs01.net/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/USER/Scripts/scripts.ini O:BAG:DUD:(A;;0x001f01ff;;;DA)(A;;0x001f01ff;;;EA)(A;;0x001f01ff;;;BA)(A;;0x001f01ff;;;SY)(A;;0x001200a9;;;AU)(A;;0x001200a9;;;ED) does not match expected value O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object File "/usr/local/samba/lib64/python2.6...

...up:root:--- default:group:NT\040Authority\\system:rwx default:group:unix_admins:rwx default:mask::rwx default:other::--- >An extended attribute stored in Security.NTACL e.g. Here is my output command: samba-tool ntacl get /var/lib/samba/sysvol --as-sddl O:LAG:S-1-22-2-0D:(A;;0x001f01ff;;;LA)(A;;0x001200a9;;;S-1-22-2-0)(A;;0x001200a9;;;WD)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;0x001200a9;;;CG)(A;OICIIO;0x001200a9;; ;WD) >See here: >https://docs.microsoft.com/en-us/windows/win32/secauthz/ace-strings >and here: > https://docs.microsoft.com/en-us/windows/win32/secauthz/sid-strings?redirectedf...

On Sun, Oct 25, 2020 at 4:24 PM Rowland penny via samba <samba at lists.samba.org> wrote: > Yes, that is what it is designed for. Yes, and yes it does! Thank you!!

...exception - ProvisioningError: DB ACL on GPO directory /var/lib/samba/sysvol/samdom.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Scripts/Startup O:BAG:DUD:(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;;0x001f01ff;;;BA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object File "/usr/lib/python2.7/site-...