Group Policy not working + other problems

James Rhodes jrhodes at redpointsoftware.com.au
Sun Jul 17 01:11:09 MDT 2011


So I recently upgraded my Samba 4 server to alpha 17 using GIT revision
3dae323 and Group Policy has stopped working (I've spent the last few hours
trying to resolve this issue, but I seem to be stuck).  I hadn't actually
noticed this until today when I attempted to join a computer to a domain and
then manually updated its Group Policy using gpupdate.

I've managed to narrow down the error to this (shown when using samba -i -d
3):

> Kerberos: TGS-REQ james-pc$@REDPOINT.INT from ipv4:192.168.1.84:57355 for LDAP/redpoint.redpoint.int/redpoint.int@REDPOINT.INT [renewable, forwardable]
> Kerberos: Searching referral for redpoint.redpoint.int
> Kerberos: Server not found in database: LDAP/redpoint.redpoint.int/redpoint.int@REDPOINT.INT: no such entry found in hdb
> Kerberos: Failed building TGS-REP to ipv4:192.168.1.84:57355
> Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
> Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
> single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]

I am assuming that the cause of Kerberos no longer being able to find the
server is caused by updating Samba 4 to a newer version, however I do not
know how to correct this issue (I had a look through the LDAP server's tree
but couldn't find anything that seemed like it might map to
"LDAP/redpoint.redpoint.int/redpoint.int@REDPOINT.INT").  I am concerned about the
"redpoint.redpoint.int" however, as the name of the domain controller is
actually "main" within the redpoint.int realm.

Through running -d 3 I've also found a few other errors which would explain
why Offline Files and a few other components aren't working correctly.  The
first is:

> /usr/local/samba/sbin/samba_spnupdate: Failed to find computer object for REDPOINT$

I'm not sure what impact this has, however the second error issue is:

> pvfs_setfileinfo: utimes() failed '/srv/users/.' - Operation not permitted

This is causing errors with Offline Files which reports that access to
\\main\users$ was denied (which causes Sync to fail).  Checking the utimes()
documentation shows:

"The times argument is not a null pointer and the calling process' effective
user ID has write access to the file but does not match the owner of the
file and the calling process does not have the appropriate privileges."

This is rather confusing given that the ownership of /srv/users (and /srv)
is root, which is the user that the Samba 4 server is running as.  I can
only assume that /srv/users is meant to be owned by one of the actual NT
users (3000xxx) however given that this is a public directory, that's not
going to work as all users have to be able to update the timestamp on the
file.

If anyone knows solutions or has suggestions as to how I can fix any of the
problems I've outlined above, it would be greatly appreciated.

Regards, James Rhodes.
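
Added example (not part of the original post and not Samba project code): a small Python triage script that pairs each "Server not found in database" KDC message with the TGS-REQ that triggered it and splits the requested SPN, so a host component that names no known domain controller stands out. The log sample is constructed from the lines quoted above, and the DC name main.redpoint.int is an assumption based on the post's statement that the controller is "main" in the redpoint.int realm.

```python
import re

# Constructed sample modelled on the "samba -i -d 3" output quoted in the post;
# the final cifs/ request line is invented for contrast.
SAMPLE_LOG = """\
Kerberos: TGS-REQ james-pc$@REDPOINT.INT from ipv4:192.168.1.84:57355 for LDAP/redpoint.redpoint.int/redpoint.int@REDPOINT.INT [renewable, forwardable]
Kerberos: Searching referral for redpoint.redpoint.int
Kerberos: Server not found in database: LDAP/redpoint.redpoint.int/redpoint.int@REDPOINT.INT: no such entry found in hdb
Kerberos: Failed building TGS-REP to ipv4:192.168.1.84:57355
Kerberos: TGS-REQ james-pc$@REDPOINT.INT from ipv4:192.168.1.84:57360 for cifs/main.redpoint.int@REDPOINT.INT [renewable, forwardable]
"""

TGS_REQ = re.compile(r"Kerberos: TGS-REQ (?P<client>\S+) from (?P<addr>\S+) for (?P<spn>\S+)")
NOT_FOUND = re.compile(r"Kerberos: Server not found in database: (?P<spn>\S+): no such entry")


def split_spn(spn):
    """Split service/host[/name]@REALM into its components."""
    principal, sep, realm = spn.rpartition("@")
    if not sep:                      # no realm suffix present
        principal, realm = spn, ""
    parts = principal.split("/")
    return {
        "service": parts[0],
        "host": parts[1].lower() if len(parts) > 1 else "",
        "name": parts[2] if len(parts) > 2 else None,  # third part of a 3-part SPN
        "realm": realm,
    }


def failed_lookups(log_text, dc_hosts):
    """Return one record per SPN the KDC could not find in its database."""
    requests, findings = {}, []      # requests: spn -> (client, addr) of last TGS-REQ
    for line in log_text.splitlines():
        m = TGS_REQ.search(line)
        if m:
            requests[m["spn"]] = (m["client"], m["addr"])
            continue
        m = NOT_FOUND.search(line)
        if m:
            rec = split_spn(m["spn"])
            client, addr = requests.get(m["spn"], (None, None))
            rec.update(spn=m["spn"], client=client, addr=addr,
                       host_is_known_dc=rec["host"] in dc_hosts)
            findings.append(rec)
    return findings


if __name__ == "__main__":
    # Assumed DC FQDN; replace with the real controller name(s).
    for rec in failed_lookups(SAMPLE_LOG, {"main.redpoint.int"}):
        print(rec)
```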


More information about the samba-technical mailing list