Group Policy not working + other problems

James Rhodes jrhodes at
Mon Jul 18 01:33:48 MDT 2011

On Sun, Jul 17, 2011 at 11:50 PM, Matthieu Patou <mat at> wrote:
> On 17/07/2011 14:42, James Rhodes wrote:
>> smb.conf:
>> ldbsearch output:
>> Judging from the output of ldbsearch, the computer object is MAIN$
>> (which fits in with the intended, while Samba 4
>> seems to be looking for REDPOINT$.  This looks like it might be tying
>> into the Kerberos querying problem above.
> Your config is quite strange I don't know where you get it.
> A config from a provision should look like:
> [global]
>    server role = domain controller
>    workgroup = MATWS
>    realm =
>    netbios name = ARES
>    private dir = /home/mat/workspace/samba/homematwsnet/private
>    lock dir = /home/mat/workspace/samba/homematwsnet
> So I would recommand to change the netbios name from REPOINT to MAIN (as it
> seems to be in your config) and to add realm= in the config
> file.

I think originally I had a smb.conf file from a provision when the
realm was (way back before Alpha 13 that was
though) and so I just used what was generated in that one to work out
how to construct the smb.conf after I generated a new provision for (it was likely I just used the existing smb.conf because
I wanted to keep all of my shares, not thinking about the [global]
section at all).

So anyway, this fixed the SPN update issue, but the Group Policy is
still not working, with the output still being:

Kerberos: TGS-REQ james-pc$@REDPOINT.INT from ipv4:
for LDAP/ at REDPOINT.INT [renewable,
Kerberos: Searching referral for
Kerberos: Server not found in database:
LDAP/ at REDPOINT.INT: no such entry
found in hdb
Kerberos: Failed building TGS-REP to ipv4:

Now I'm not sure whether it's the Samba 4 server generating the
"LDAP/ at REDPOINT.INT" string or
whether it's my PC as it requests Group Policy (but you guys will know
the answer to this).

Regards, James Rhodes.

More information about the samba-technical mailing list