[Samba 4] Access to GPO failed

=?iso-2022-jp?B?GyRCOllFRBsoQiAbJEI+LRsoQg==?= s-hosoda at secom.co.jp
Fri Dec 12 06:36:32 GMT 2008 

Hello.

I'm trying GPO with samba4.
I execute "samba -i -M single". The version is 4.0.0alpha6-GIT-0e723d8.
In our environment, I can use gpupdate and dsa.msc on XP SP2. When I try to edit 
group policy (by gpmc.msc), the warning message "The Permissions for This GPO 
in the SYSVOL Folder Are Inconsistent with Those in Active Directory" appears, 
but I can edit GPO. And I find the same error as one in your log file 
> Kerberos: TGS-REQ srv1$@CE.SAIGONTECH.INFO.VN from 192.168.9.131 for 
> cifs/ce.saigontech.info.vn at CE.SAIGONTECH.INFO.VN [canonicalize, 
> renewable, forwardable] 

When I saw an error "The network path was not found", I checked access to
\\<domain_name>\sysvol\<domain_name>\ and made it possible, then the error always disappeared. As Mr. Wes Deviers said, if you can access
\\<dc_name>\sysvol\<domain_name>\, this error can occur.
In my experience, the access to \\<dc_name>\sysvol was possible but one to \\<domain_name>\sysvol was not, when I enabled DFS in smbd.conf. 
If you can access to \\<domain_name>\sysvol\<domain_name>\  but have 
"The network path was not found" error, I have no idea.

But VistaSP1 doesn't work well with samba4. I can edit the GPO but the 
group policy on Windows can not be updated.  It was possible on Vista without SP.  I'm checking the VistaSP1 behavior now.
Are there some body have experience in working with Samba4 GPOs with VistaSP1?

Regards,
---
Sho Hosoda <s-hosoda at secom.co.jp>

-----Original Message-----
From: samba-technical-bounces+s-hosoda=secom.co.jp at lists.samba.org [mailto:samba-technical-bounces+s-hosoda=secom.co.jp at lists.samba.org] On Behalf Of Son Nguyen
Sent: Friday, December 12, 2008 11:54 AM
Cc: samba-technical
Subject: Re: [Samba 4] Access to GPO failed

Son Nguyen wrote:
> Volker Lendecke wrote:
>> On Wed, Dec 10, 2008 at 10:11:31AM -0500, Wes Deviers wrote:
>>  
>>> I haven't said anything or really tracked down much on the behavior; 
>>> I've assumed lots of people are using recent SVN pulls with 
>>> everything working     
>>
>> You really mean SVN? We switched to git months ago. See
>> http://us6.samba.org/samba/devel/ and
>> http://wiki.samba.org/index.php/Samba4/HOWTO for info how to
>> get the latest code.
>>
>> Volker
>>   
>    I've duplicated this error today with the new version from GIT.
> #define SAMBA_VERSION_GIT_COMMIT_DATE "Wed Dec 10 17:03:53 2008 -0800"
> #define SAMBA_VERSION_OFFICIAL_STRING "4.0.0alpha6-GIT-d7d525b"
>
> Are there some body have experience in working with Samba4 GPOs? 
> Please give me your ideas about this error.
> I also favorite in deploy samba4 with ldap backend (OpenLDAP, or 
> CentDS). I try to follow document from Samba Wiki but there are some 
> error when I provision Samba4. Please let me know if you have other 
> document.
>
> Thank a lot,
> Son Nguyen
>
Hi all,
    After reading samba log file and network capture file, I think that 
this error is related with KRB5.

    * Log file: Kerberos: Failed building TGS-REP to 192.168.9.131
    * Capture file: KRB Error: KRB5KDC_ERR_S_PRINCIPAL_UNKNOW (packet
      number 46)

Please find in the attachments for these two files.

Son Nguyen

More information about the samba-technical mailing list