[Samba 4] Access to GPO failed

Wes Deviers wdevie at hrcsb.org
Tue Dec 9 22:07:42 GMT 2008

On Tuesday 09 December 2008 16:50:04 Andrew Bartlett wrote:
> >
> >     * *Got user=[] domain=[] workstation=[SRV1] len1=1 len2=0*
> >
> >     * *auth_check_password_recv: anonymous authentication for user [NT
> >       AUTHORITY\ANONYMOUS LOGON] succeeded*
> >
> > Please let me know if you have any theory about this problem.
> These things can be a real challenge to debug, but I would start by
> taking a network trace with wireshark, and see what was the last error
> before the client message was.
> Andrew Bartlett

In the past, I've had the same problem since at Alpha4 or so.  What seems to 
be the problem (at least for me) is when it switches from accessing the server 
as named (\\felix.fake.domain.local) to trying to access it via the domain to 
pull the GPO (\\fake.domain.local) it fails about 90% of the time.  Meaning, 
that if I keep pushing the "Edit Group Policy" button over and over, it will 
eventually work once.  And then, when I go to save it, if I try to save the 
changes over and over it will eventually work as well.

I can get into the GP-UID portion of the tree every time, but if I try to edit 
the policy file by hand (using Notepad), it fails about 90% of the time.  If I 
traverse the tree using the machine name and NOT the domain, it works every 
time with no problems (as in, \\felix.fake.domain.local\...\{uuid}\... lets me 
edit and save the file correctly)  Of course, that doesn't help since all of 
the GP tools use the domain name and not the machine, so they all fail 

I don't have the patience to try rebooting XP clients enough times to see if 
the GPO will get -pulled- 10% of the time, but then I stopped trying entirely 
about a month ago.  



More information about the samba-technical mailing list