S4/AD gpo problem

tridge at samba.org tridge at samba.org
Fri Feb 19 05:36:35 MST 2010 

Hej Anton,

 > Problem with editing group policys on my s4 AD.
 > http://img692.imageshack.us/img692/8893/testgo.png

Given the error "Nätverkssökvägen kan inte hittas" I'm guessing you
either have a DNS problem or you have a missing share or
directory. (for those who don't grok Swedish, the error in the above
link approximately means "Error happened when a file was parsed:
network path not found")

Are you using a DNS server like bind9 on your Samba server, or are you
using a Windows DNS server? 

 > Om du vill veta mer om felet kan du använda Loggboken eller köra GPRESULT /H GPR
 > eport.html från kommandoraden om du vill ha ytterligare information om grupprinc
 > ipresultat.

(translation: the above is suggesting to run gpresult to get more
information on the error).

I doubt that suggestion will help, unless gpresult actually tells you
a lower level error code.

 > Bearbetningen av grupprincipen misslyckades. Ett misslyckat försök har gjorts at
 > t läsa filen \\test.local\sysvol\test.local\Policies\{1977E949-B026-4FB5-A89
 > 1-865E3E78C36C}\gpt.ini på en domänkontrollant. Inställningarna för grupprincipe
 > n kan eventuellt inte tillämpas förrän händelsen har lösts. Det här problemet ka
 > n vara tillfälligt och kan bero på en eller flera av följande orsaker:

This means it's trying to access
  \\test.local\sysvol\test.local\Policies\{1977E949-B026-4FB5-A891-865E3E78C36C}\gpt.ini
and it's failing. That could be caused by several possible things:

 1) the Windows client can't resolve the name 'test.local'. Can you
 ping that from the Windows box? Who provides the DNS for the 'local'
 domain on your network?

 2) the share [sysvol] is not accessible. Test it with smbclient or
 windows explorer.

 3) the directory
 test.local/Policies/{1977E949-B026-4FB5-A891-865E3E78C36C} is missing
 in [sysvol], or not accessible, or not writeable. Again, test from
 Windows explorer or smbclient.

 4) xattr operations could be failing on the [sysvol] share. Do you
 have xattrs enabled in the filesystem, or do you have the posix:eadb
 option set? Can you see/modify ACLs OK on [sysvol] from Windows?

If the above checks don't solve it then I'd suggest you should install
wireshark and get a capture between the Windows box and Samba when you
try to edit group policies. Look particularly at the DNS traffic and
for any SMB "tree connect" or "create" calls that may be failing. See
if it tries to find a name or a share and fails.

 > Hope the swedish wont confuse you. 		 	   		  

Ingen problem :-)

Cheers, Tridge

More information about the samba-technical mailing list