S4/AD gpo problem

Anton Löthman takayama123 at hotmail.com
Fri Feb 19 06:10:14 MST 2010 


From: takayama123 at hotmail.com
To: tridge at samba.org
Subject: RE: S4/AD gpo problem
Date: Fri, 19 Feb 2010 14:08:58 +0100








Hey, thanks for the fast answer

> Date: Fri, 19 Feb 2010 23:36:35 +1100
> To: takayama123 at hotmail.com
> CC: samba-technical at lists.samba.org
> Subject: Re: S4/AD gpo problem
> From: tridge at samba.org
> 
> Hej Anton,
> 
>  > Problem with editing group policys on my s4 AD.
>  > http://img692.imageshack.us/img692/8893/testgo.png
> 
> Given the error "Nätverkssökvägen kan inte hittas" I'm guessing you
> either have a DNS problem or you have a missing share or
> directory. (for those who don't grok Swedish, the error in the above
> link approximately means "Error happened when a file was parsed:
> network path not found")
> 
> Are you using a DNS server like bind9 on your Samba server, or are you
> using a Windows DNS server? 
Im using bind9, and its working, so its not that.

>  > Om du vill veta mer om felet kan du använda Loggboken eller köra GPRESULT /H GPR
>  > eport.html från kommandoraden om du vill ha ytterligare information om grupprinc
>  > ipresultat.
> 
> (translation: the above is suggesting to run gpresult to get more
> information on the error).
> 
> I doubt that suggestion will help, unless gpresult actually tells you
> a lower level error code.
> 
>  > Bearbetningen av grupprincipen misslyckades. Ett misslyckat försök har gjorts at
>  > t läsa filen \\test.local\sysvol\test.local\Policies\{1977E949-B026-4FB5-A89
>  > 1-865E3E78C36C}\gpt.ini på en domänkontrollant. Inställningarna för grupprincipe
>  > n kan eventuellt inte tillämpas förrän händelsen har lösts. Det här problemet ka
>  > n vara tillfälligt och kan bero på en eller flera av följande orsaker:
> 
> This means it's trying to access
>   \\test.local\sysvol\test.local\Policies\{1977E949-B026-4FB5-A891-865E3E78C36C}\gpt.ini
> and it's failing. That could be caused by several possible things:
> 
>  1) the Windows client can't resolve the name 'test.local'. Can you
>  ping that from the Windows box? Who provides the DNS for the 'local'
>  domain on your network?

This works
>  2) the share [sysvol] is not accessible. Test it with smbclient or
>  windows explorer.
Its there.

>  3) the directory
>  test.local/Policies/{1977E949-B026-4FB5-A891-865E3E78C36C} is missing
>  in [sysvol], or not accessible, or not writeable. Again, test from
>  Windows explorer or smbclient.
Its there and accacible, however, when trying to open a txt files (with notepad on windows) on any of my shares, i get this error
http://img63.imageshack.us/img63/4163/16927840.png, i can open notepad and and then open the file (gpt.ini) manualy, this seems kind of strange. I tried the mount the share from linux and had no problem there.

>  4) xattr operations could be failing on the [sysvol] share. Do you
>  have xattrs enabled in the filesystem, or do you have the posix:eadb
>  option set? Can you see/modify ACLs OK on [sysvol] from Windows?

This may be it, i havnt xattr in fstab, how do you set the posix:eadb thing?
Well i can the acls is not working 100%, some dirs i can change, but some i cant.
And in some dirs you se some users named like S-1-22-1-506.

> If the above checks don't solve it then I'd suggest you should install
> wireshark and get a capture between the Windows box and Samba when you
> try to edit group policies. Look particularly at the DNS traffic and
> for any SMB "tree connect" or "create" calls that may be failing. See
> if it tries to find a name or a share and fails.
> 
>  > Hope the swedish wont confuse you. 		 	   		  
> 
> Ingen problem :-)
It would be "inga problem" :D
> Cheers, Tridge
 		 	   		  
Hotmail: Free, trusted and rich email service. Get it now. 		 	   		  
_________________________________________________________________
Hotmail: Trusted email with powerful SPAM protection.
https://signup.live.com/signup.aspx?id=60969

More information about the samba-technical mailing list