Web lists-archives.com

Re: [Samba] sysvol files - 'The data area passed to a system call is too small'




On Fri, 27 Apr 2018 22:40:41 +0100
Jonathan Hunter via samba <samba@xxxxxxxxxxxxxxx> wrote:

> OK - some more detail I have found in the meantime.
> 
> I have compiled & ran listxattr, and I can now see a difference
> between a working and a broken file:
> 
> me@dc2:~/download $
> sudo ./listxattr /usr/local/samba/var/locks/sysvol/
> mydomain.org/brokenfile.txt user.DOSATTRIB: 0x20
> system.posix_acl_access:
> 
> me@dc2:~/download $
> sudo ./listxattr /usr/local/samba/var/locks/sysvol/
> mydomain.org/workingfile.txt user.DOSATTRIB: 0x20
> system.posix_acl_access:
> security.NTACL:

Are you sure your sync method is working ?
I ask this because the sysvol ACLs are stored in 'security.NTACL' and
you don't have this on the non working DC

> 
> This then led me to check what things look like from Windows, and to
> look at the NTACL from there, seeing as 'listxattr' wasn't showing me
> much:
> 
> C:\Users\me>cacls
> \\dc2\sysvol\mydomain.org\brokenfile.txt /S
> \\dc2\sysvol\mydomain.org\brokenfile.txt
> "D:(A;;FA;;;S-1-5-21-xxxxxxxx-yyyyyyyyyy-zzzzzzzzzz-1234)(A;;0x1201bf;;;S-1-22-2-0)(A;;FA;;;SY)"
> [ The first SID is my admin user I am logged in as. Windows doesn't
> resolve S-1-22-2-0 when using Explorer, and instead shows 'Account
> Unknown(S-1-22-2-0)' ]

Yes, but surely the result you are getting here is the ACL for the file
'brokenfile.txt' not sysvol, try:

samba-tool ntacl get /usr/local/samba/var/locks/sysvol --as-sddl

Rowland


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba