Problem:
get_nt_acl_conn: get_nt_acl returned NT_STATUS_OBJECT_NAME_NOT_FOUND during samba-tool ntacl sysvolcheck
ucs:~# samba-tool ntacl sysvolcheck --mask-msad-differences
get_nt_acl_conn: get_nt_acl returned NT_STATUS_OBJECT_NAME_NOT_FOUND.
ERROR: File not found /var/lib/samba/sysvol/schein.ig/Policies/{e0b4dd8b-c806-438b-98be-e6344b6ea7a1}
[...]
Investigation:
First check whether the policy is present in the sysvol directory:
ls -l /var/lib/samba/sysvol/schein.ig/Policies/\{E0B4DD8B-C806-438B-98BE-E6344B6EA7A1\}
insgesamt 24
-rwxrwx---+ 1 Administrator Domain Admins 66 Okt 29 14:54 GPT.INI
drwxrwx---+ 3 Administrator Domain Admins 4096 Okt 29 14:54 Machine
drwxrwx---+ 2 Administrator Domain Admins 4096 Okt 29 14:54 User
Then check the corresponding object in Samba:
univention-s4search cn={e0b4dd8b-c806-438b-98be-e6344b6ea7a1} | grep -i e0b4dd8b
dn: CN={e0b4dd8b-c806-438b-98be-e6344b6ea7a1},CN=Policies,CN=System,DC=schein,DC=ig
cn: {e0b4dd8b-c806-438b-98be-e6344b6ea7a1}
name: {e0b4dd8b-c806-438b-98be-e6344b6ea7a1}
distinguishedName: CN={e0b4dd8b-c806-438b-98be-e6344b6ea7a1},CN=Policies,CN=System,DC=schein,DC=ig
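In Samba, cn, name and distinguishedName contain the GUID in lowercase, but it is expected in capitals, as in the directory name on disk. The error above shows sysvolcheck looking for the lowercase path, which does not exist.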
Solution:
You can rename the entry; this fixes the cn, the name and the distinguishedName:
:~# ldbrename -H /var/lib/samba/private/sam.ldb --cross-ncs 'CN={e0b4dd8b-c806-438b-98be-e6344b6ea7a1},CN=Policies,CN=System,DC=schein,DC=ig' 'CN={E0B4DD8B-C806-438B-98BE-E6344B6EA7A1},CN=Policies,CN=System,DC=schein,DC=ig'
Renamed 1 record
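
The same comparison for all GPOs at once, as an added example that is not part of the original article: it takes the directory names under Policies and the LDIF output of a search for the GPO objects, and builds (but does not run) the ldbrename call shown above for each case-only mismatch. The function names, the sample data and the all-zero GUID are assumptions made for this illustration.

```python
import re
import shlex

SAM_LDB = "/var/lib/samba/private/sam.ldb"  # path used in the article
# "dn:" line of a GPO container as printed by univention-s4search / ldbsearch
GPO_DN = re.compile(r"^dn: (CN=(\{[0-9A-Fa-f-]{36}\}),CN=Policies,CN=System,.+)$")

def check_gpo_case(dir_names, ldif_text):
    """Compare sysvol policy directory names with GPO CNs from LDIF.
    Returns (renames, missing): renames holds (current_dn, wanted_dn) for CNs
    that differ from the directory only by case; missing holds DNs with no
    directory at all, which a rename cannot fix."""
    on_disk = {name.lower(): name for name in dir_names}
    renames, missing = [], []
    # Undo standard LDIF line folding (continuation lines start with a space).
    for line in re.sub(r"\r?\n ", "", ldif_text).splitlines():
        m = GPO_DN.match(line)
        if not m:
            continue
        dn, cn = m.groups()
        disk_name = on_disk.get(cn.lower())
        if disk_name is None:
            missing.append(dn)
        elif disk_name != cn:
            renames.append((dn, dn.replace("CN=" + cn, "CN=" + disk_name, 1)))
    return renames, missing

def rename_command(current_dn, wanted_dn):
    """Build (not run) the ldbrename call from the article for one GPO."""
    return " ".join(["ldbrename", "-H", SAM_LDB, "--cross-ncs",
                     shlex.quote(current_dn), shlex.quote(wanted_dn)])

# Constructed sample: the directory name and the first DN are the article's
# GPO; the second DN is a made-up GPO with no sysvol directory.
SAMPLE_DIRS = ["{E0B4DD8B-C806-438B-98BE-E6344B6EA7A1}"]
SAMPLE_LDIF = """\
dn: CN={e0b4dd8b-c806-438b-98be-e6344b6ea7a1},CN=Policies,CN=System,DC=schein,DC=ig

dn: CN={00000000-0000-0000-0000-000000000000},CN=Policies,CN=System,DC=schein,DC=ig
"""

if __name__ == "__main__":
    renames, missing = check_gpo_case(SAMPLE_DIRS, SAMPLE_LDIF)
    for current_dn, wanted_dn in renames:
        print(rename_command(current_dn, wanted_dn))
    for dn in missing:
        print("no sysvol directory for", dn)
```

Review each printed command before running it, and run samba-tool ntacl sysvolcheck again afterwards to confirm the error is gone.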