[Samba 4] Access to GPO failed

Tue Dec 9 21:50:04 GMT 2008

On Tue, 2008-12-09 at 13:40 +0700, Son Nguyen wrote:
> Son Nguyen wrote:
> > Kenneth MacDonald wrote:
> >> On Mon, 2008-12-08 at 17:50 +0700, Son Nguyen wrote:
> >>  
> >>> Kenneth MacDonald wrote:
> >>>    
> >>>> On Mon, 2008-12-08 at 10:37 +0700, Son Nguyen wrote:

> >>>>>  In these two cases, Windows client can join domain success but 
> >>>>> cannot access Group Policy Editor from dsa.msc.
> >>>>>
> >>>>>     * The error message in client is the same as the older:
> >>>>>           o Fail to open the Group Policy Object. You may not have
> >>>>>             appropriate rights.
> >>>>>             Details:
> >>>>>             The network path was not found.
> >>>>>     *  From windows client, I can access to the //dc.domain/sysvol 
> >>>>> success
> >>>>>     * The below is smb.log when I run samba in debug level 10
> >>>>>       (samba -M single -d 10)
> >>>>>
> >>>>> Do you have any ideas for me to pass this step. I really want to 
> >>>>> test domain policy but I stuck in this step for more than 2 weeks.
> >>>>>             
> >>>> Can you access //dc.domain/sysvol/Policies ?  Can you create 
> >>>> directories
> >>>> in there?
> >>>>         
> >>> Yes, I can. When access //dc.domain/sysvol/Policies folder with 
> >>> administrator account (I have not tested with other accounts), I can 
> >>> create files and folders
> >>>    
> >>>> When you create a GPO, the GPT (Group Policy Template) is created
> >>>> in //dc.domain/sysvol/Policies/{GUID-OF-GPO}/
> >>>>         
> >>> When I create a new GPO, the will be a new folder named 
> >>> {GUID-OF-GPO} in Policies folder. The contain of this folder as below:
> >>>
> >>>     * GTP.ini:
> >>>       [General]
> >>>       Version=0
> >>>     * Machine: empty folder
> >>>     * User: empty folder
> >>>
> >>>    
> >>>> Cheers,
> >>>>
> >>>> Kenny.
> >>>>
> >>>>         
> >>> The attachment is a archive file for a new folder was generated when 
> >>> I create new GPO.
> >>> The same error message was appeared when I try to edit the Default 
> >>> Domain Policy.
> >>> I'm looking forward for your response.
> >>>     
> >>
> >> I don't have any further insight.  I was trying to clarify what had and
> >> hadn't happened.
> >>
> >> Cheers,
> >>
> >> Kenny.
> >>   
> > This is my installation process:
> >
> >    * Operating system: CentOS-5.2 (with ext3 file system)
> >    * Lib installtion (from OS DVD):
> >      'Development Tools'
> >      *gcc* *make* *acl* *attr* *readline* *python*
> >    * Samba4 installation and provision as Wiki
> >    * DNS: using bind-chroot-9.3
> >
> > Hoping these information is useful for you to identify my problem.
> >
> > Thanks a lot,
> > Son Nguyen
> Hi all,
>     I've just tested with samba 4 alpha6- GIT-3878ad. The same error 
> message appear when I try to edit a GPO. The include is samba4 log in 
> level 10 (smbd -M single -d 10). I guess that the reason is on these lines:
> 
>     * *Got user=[] domain=[] workstation=[SRV1] len1=1 len2=0*
> 
>     * *auth_check_password_recv: anonymous authentication for user [NT
>       AUTHORITY\ANONYMOUS LOGON] succeeded*
> 
> Please let me know if you have any theory about this problem.

These things can be a real challenge to debug, but I would start by
taking a network trace with wireshark, and see what was the last error
before the client message was. 

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20081210/aff20e9c/attachment.bin