[Samba 4] Access to GPO failed
Wes Deviers
wdevie at hrcsb.org
Tue Dec 9 22:07:42 GMT 2008
On Tuesday 09 December 2008 16:50:04 Andrew Bartlett wrote:
> >
> > * *Got user=[] domain=[] workstation=[SRV1] len1=1 len2=0*
> >
> > * *auth_check_password_recv: anonymous authentication for user [NT
> > AUTHORITY\ANONYMOUS LOGON] succeeded*
> >
> > Please let me know if you have any theory about this problem.
>
> These things can be a real challenge to debug, but I would start by
> taking a network trace with wireshark, and see what was the last error
> before the client message was.
>
> Andrew Bartlett
In the past, I've had the same problem since at Alpha4 or so. What seems to
be the problem (at least for me) is when it switches from accessing the server
as named (\\felix.fake.domain.local) to trying to access it via the domain to
pull the GPO (\\fake.domain.local) it fails about 90% of the time. Meaning,
that if I keep pushing the "Edit Group Policy" button over and over, it will
eventually work once. And then, when I go to save it, if I try to save the
changes over and over it will eventually work as well.
I can get into the GP-UID portion of the tree every time, but if I try to edit
the policy file by hand (using Notepad), it fails about 90% of the time. If I
traverse the tree using the machine name and NOT the domain, it works every
time with no problems (as in, \\felix.fake.domain.local\...\{uuid}\... lets me
edit and save the file correctly) Of course, that doesn't help since all of
the GP tools use the domain name and not the machine, so they all fail
regardless.
I don't have the patience to try rebooting XP clients enough times to see if
the GPO will get -pulled- 10% of the time, but then I stopped trying entirely
about a month ago.
Best!
Wes
More information about the samba-technical
mailing list