[Samba 4] Access to GPO failed
Andrew Bartlett
abartlet at samba.org
Tue Dec 9 21:50:04 GMT 2008
On Tue, 2008-12-09 at 13:40 +0700, Son Nguyen wrote:
> Son Nguyen wrote:
> > Kenneth MacDonald wrote:
> >> On Mon, 2008-12-08 at 17:50 +0700, Son Nguyen wrote:
> >>
> >>> Kenneth MacDonald wrote:
> >>>
> >>>> On Mon, 2008-12-08 at 10:37 +0700, Son Nguyen wrote:
> >>>>> In these two cases, Windows client can join domain success but
> >>>>> cannot access Group Policy Editor from dsa.msc.
> >>>>>
> >>>>> * The error message in client is the same as the older:
> >>>>> o Fail to open the Group Policy Object. You may not have
> >>>>> appropriate rights.
> >>>>> Details:
> >>>>> The network path was not found.
> >>>>> * From windows client, I can access to the //dc.domain/sysvol
> >>>>> success
> >>>>> * The below is smb.log when I run samba in debug level 10
> >>>>> (samba -M single -d 10)
> >>>>>
> >>>>> Do you have any ideas for me to pass this step. I really want to
> >>>>> test domain policy but I stuck in this step for more than 2 weeks.
> >>>>>
> >>>> Can you access //dc.domain/sysvol/Policies ? Can you create
> >>>> directories
> >>>> in there?
> >>>>
> >>> Yes, I can. When access //dc.domain/sysvol/Policies folder with
> >>> administrator account (I have not tested with other accounts), I can
> >>> create files and folders
> >>>
> >>>> When you create a GPO, the GPT (Group Policy Template) is created
> >>>> in //dc.domain/sysvol/Policies/{GUID-OF-GPO}/
> >>>>
> >>> When I create a new GPO, the will be a new folder named
> >>> {GUID-OF-GPO} in Policies folder. The contain of this folder as below:
> >>>
> >>> * GTP.ini:
> >>> [General]
> >>> Version=0
> >>> * Machine: empty folder
> >>> * User: empty folder
> >>>
> >>>
> >>>> Cheers,
> >>>>
> >>>> Kenny.
> >>>>
> >>>>
> >>> The attachment is a archive file for a new folder was generated when
> >>> I create new GPO.
> >>> The same error message was appeared when I try to edit the Default
> >>> Domain Policy.
> >>> I'm looking forward for your response.
> >>>
> >>
> >> I don't have any further insight. I was trying to clarify what had and
> >> hadn't happened.
> >>
> >> Cheers,
> >>
> >> Kenny.
> >>
> > This is my installation process:
> >
> > * Operating system: CentOS-5.2 (with ext3 file system)
> > * Lib installtion (from OS DVD):
> > 'Development Tools'
> > *gcc* *make* *acl* *attr* *readline* *python*
> > * Samba4 installation and provision as Wiki
> > * DNS: using bind-chroot-9.3
> >
> > Hoping these information is useful for you to identify my problem.
> >
> > Thanks a lot,
> > Son Nguyen
> Hi all,
> I've just tested with samba 4 alpha6- GIT-3878ad. The same error
> message appear when I try to edit a GPO. The include is samba4 log in
> level 10 (smbd -M single -d 10). I guess that the reason is on these lines:
>
> * *Got user=[] domain=[] workstation=[SRV1] len1=1 len2=0*
>
> * *auth_check_password_recv: anonymous authentication for user [NT
> AUTHORITY\ANONYMOUS LOGON] succeeded*
>
> Please let me know if you have any theory about this problem.
These things can be a real challenge to debug, but I would start by
taking a network trace with wireshark, and see what was the last error
before the client message was.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20081210/aff20e9c/attachment.bin
More information about the samba-technical
mailing list