Problem: UMC Diagnostic Module Reports Error About SYSVOL ACL

Problem

In UMC the diagnostic module reports an error:
samba-tool ntacl sysvolcheck meldet ein Problem mit den SYSVOL ACL Einträgen. STDOUT: get_nt_acl_conn: get_nt_acl returned NT_STATUS_OBJECT_NAME_NOT_FOUND. (2, 'No such file or directory') (-1073741772, 'The object name is not found.')

Environment

UCS 4.x domain with several UCS host types (master, backup, slave) and Group Policy Objects (GPOs) in use.

Solution

Remove the referenced GPO, which also removes it from SYSVOL. Then re-create the object correctly.

Investigation

Step 1

Run sysvolreset and check the output:

root@slave1:~# samba-tool ntacl sysvolreset
set_nt_acl_conn: open: error=2 (No such file or directory)
Unable to set ACL O:DAG:DAD:PAR(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) on /var/lib/samba/sysvol/domain.com/Policies/{E4DD7CDA-3AA2-4A79-B9E5-8F550F841657}

The line containing O:DAG:DAD:PAR names the path where the ACL should be applied. Here, the policy ID {E4DD7CDA-3AA2-4A79-B9E5-8F550F841657} identifies the GPO in the GPO editor.

Step 2

In the GPO editor, check the referenced GPO and remove it if needed. It might be placed in the wrong location.
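
The sysvolreset message from Step 1, taken apart with a short Python script (an added example, not part of the original article or of samba-tool). It separates the SDDL string from the SYSVOL path, extracts the GPO ID to look up in Step 2, and decodes the owner, group, DACL flags and ACEs; the function name and the lookup tables are assumptions that cover only the values in this message.

```python
import re

# SDDL aliases and masks limited to those in the message shown above.
SIDS = {"DA": "Domain Admins", "EA": "Enterprise Admins", "CO": "Creator Owner",
        "SY": "Local System", "AU": "Authenticated Users",
        "ED": "Enterprise Domain Controllers"}
DACL_FLAGS = {"P": "protected", "AR": "auto-inherit required", "AI": "auto-inherited"}
MASKS = {0x001F01FF: "full control", 0x001200A9: "read and execute"}

ERROR_RE = re.compile(r"Unable to set ACL (\S+) on (.+)")
SDDL_RE = re.compile(r"O:([A-Z]{2})G:([A-Z]{2})D:([A-Z]*)((?:\([^)]*\))*)")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_sysvol_error(output):
    """Return path, GPO GUID and decoded SDDL from sysvolreset output, or None."""
    hit = ERROR_RE.search(output)
    if not hit:
        return None
    sddl, path = hit.group(1), hit.group(2).strip()
    parts = SDDL_RE.fullmatch(sddl)
    if not parts:
        raise ValueError("unexpected SDDL layout: " + sddl)
    owner, group, flags, ace_text = parts.groups()
    aces = []
    for ace in re.findall(r"\(([^)]*)\)", ace_text):
        ace_type, inherit, mask, _, _, trustee = ace.split(";")
        aces.append((ace_type, inherit, MASKS.get(int(mask, 16), mask),
                     SIDS.get(trustee, trustee)))
    guid = GUID_RE.search(path)
    return {
        "path": path,
        "gpo_guid": guid.group(0) if guid else None,
        "owner": SIDS.get(owner, owner),
        "group": SIDS.get(group, group),
        "dacl_flags": [DACL_FLAGS[f] for f in re.findall(r"AR|AI|P", flags)],
        "aces": aces,
    }


# The two lines printed by sysvolreset in Step 1, copied from the page.
SAMPLE = """set_nt_acl_conn: open: error=2 (No such file or directory)
Unable to set ACL O:DAG:DAD:PAR(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) on /var/lib/samba/sysvol/domain.com/Policies/{E4DD7CDA-3AA2-4A79-B9E5-8F550F841657}
"""

if __name__ == "__main__":
    for key, value in parse_sysvol_error(SAMPLE).items():
        print(key, "=", value)
```

The decoded ACL is the standard SYSVOL policy ACL; the failure itself comes from the `open: error=2` line, meaning the directory named after `on` does not exist on this host.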
