Group Policy not working + other problems

James Rhodes jrhodes at
Sun Jul 17 01:11:09 MDT 2011

So I recently upgraded my Samba 4 server to alpha 17 using GIT revision
3dae323 and Group Policy has stopped working (I've spent the last few hours
trying to resolve this issue, but I seem to be stuck).  I hadn't actually
noticed this until today when I attempted to join a computer to a domain and
then manually updated it's Group Policy using gpupdate.

I've managed to narrow down the error to this (shown when using samba -i -d

> Kerberos: TGS-REQ james-pc$@REDPOINT.INT from ipv4: for
LDAP/ at REDPOINT.INT [renewable,
> Kerberos: Searching referral for
> Kerberos: Server not found in database: LDAP/ at REDPOINT.INT: no such entry found in hdb
> Kerberos: Failed building TGS-REP to ipv4:
> Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv()
> Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
> single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]

I am assuming that the cause of Kerberos no longer being able to find the
server is caused by updated Samba 4 to a newer version, however I do not
know how to correct this issue (I had a look through the LDAP server's tree
but couldn't find anything that seemed like it might map to "LDAP/ at REDPOINT.INT").  I am concerned about the
"" however, as the name of the domain controller is
actually "main" within the realm.

Through running -d 3 I've also found a few other errors which would explain
why Offline Files and a few other components aren't working correctly.  The
first is:

> /usr/local/samba/sbin/samba_spnupdate: Failed to find computer object for

I'm not sure what impact this has, however the second error issue is:

> pvfs_setfileinfo: utimes() failed '/srv/users/.' - Operation not permitted

This is causing errors with Offline Files which reports that access to
\\main\users$ was denied (which causes Sync to fail).  Checking the utimes()
documentation shows:

"The times argument is not a null pointer and the calling process' effective
user ID has write access to the file but does not match the owner of the
file and the calling process does not have the appropriate privileges."

This is rather confusing given that the ownership of /srv/users (and /srv)
is root, which is the user that the Samba 4 server is running as.  I can
only assume that /srv/users is meant to be owned by one of the actual NT
users (3000xxx) however given that this is a public directory, that's not
going to work as all users have to be able to update the timestamp on the

If anyone knows solutions or has suggestions as to how I can fix any of the
problems I've outlined above, it would be greatly appreciated.

Regards, James Rhodes.

More information about the samba-technical mailing list