[Samba 4] Access to GPO failed

Wes Deviers wdevie at hrcsb.org
Wed Dec 10 15:11:31 GMT 2008 

On Wednesday 10 December 2008 07:14:18 Kenneth MacDonald wrote:

> > I can get into the GP-UID portion of the tree every time, but if I try to
> > edit the policy file by hand (using Notepad), it fails about 90% of the
> > time.  If I traverse the tree using the machine name and NOT the domain,
> > it works every time with no problems (as in,
> > \\felix.fake.domain.local\...\{uuid}\... lets me edit and save the file
> > correctly)  Of course, that doesn't help since all of the GP tools use
> > the domain name and not the machine, so they all fail regardless.
>
> You can set the Group Policy Management Console (GPMC) to use a specific
> DC - right click on your domain and choose "Change Domain
> Controller ...", then it should list available DCs and you can force it
> to use one of them.
>
> > I don't have the patience to try rebooting XP clients enough times to see
> > if the GPO will get -pulled- 10% of the time, but then I stopped trying
> > entirely about a month ago.
>
> I don't know of any way to force XP clients to talk to a particular DC
> when processing GPOs.
>


Unfortunately there appears to be some Magic behind the "Connect to domain 
controller" whereby XP clients don't always believe that the Samba4 machine 
*is* a domain controller.  The same type of problem shows when I can 
successfully join the domain but none of the "domain stuff" shows up.  Like in 
the AD Users & Computer interface, most of the time (at least with a svn pull 
from last week) it says that no domain controller is available.  Or if I have 
the admin tools installed, none of the AD-related links show up on the menu 
(AD Trusts, Users & Computers, etc)

I haven't said anything or really tracked down much on the behavior; I've 
assumed lots of people are using recent SVN pulls with everything working 
correctly or there would be more chatter.  Either that, or nobody is, because 
this is the first time I've heard somebody else say something about the 
problem.  I always figured it was something I did wrong in the setups.

Wes

More information about the samba-technical mailing list