Group Policy not working + other problems

James Rhodes jrhodes at redpointsoftware.com.au
Mon Jul 18 01:33:48 MDT 2011


On Sun, Jul 17, 2011 at 11:50 PM, Matthieu Patou <mat at samba.org> wrote:
> On 17/07/2011 14:42, James Rhodes wrote:
>>
>> smb.conf: http://codepad.org/WmjkASIa
>> ldbsearch output: http://codepad.org/JokbT5mn
>>
>> Judging from the output of ldbsearch, the computer object is MAIN$
>> (which fits in with the intended main.redpoint.int), while Samba 4
>> seems to be looking for REDPOINT$.  This looks like it might be tying
>> into the Kerberos querying problem above.
>
> Your config is quite strange; I don't know where you got it.
>
> A config from a provision should look like:
> [global]
>    server role = domain controller
>    workgroup = MATWS
>    realm = home.matws.net
>    netbios name = ARES
>    private dir = /home/mat/workspace/samba/homematwsnet/private
>    lock dir = /home/mat/workspace/samba/homematwsnet
>
> So I would recommend to change the netbios name from REPOINT to MAIN (as it
> seems to be in your config) and to add realm = repoint.int in the config
> file.

I think originally I had a smb.conf file from a provision when the
realm was roket-internal.int (way back before Alpha 13 that was
though) and so I just used what was generated in that one to work out
how to construct the smb.conf after I generated a new provision for
redpoint.int (it was likely I just used the existing smb.conf because
I wanted to keep all of my shares, not thinking about the [global]
section at all).

So anyway, this fixed the SPN update issue, but the Group Policy is
still not working, with the output still being:

Kerberos: TGS-REQ james-pc$@REDPOINT.INT from ipv4:192.168.1.84:59505 for LDAP/redpoint.redpoint.int/redpoint.int@REDPOINT.INT [renewable, forwardable]
Kerberos: Searching referral for redpoint.redpoint.int
Kerberos: Server not found in database: LDAP/redpoint.redpoint.int/redpoint.int@REDPOINT.INT: no such entry found in hdb
Kerberos: Failed building TGS-REP to ipv4:192.168.1.84:59505

Now I'm not sure whether it's the Samba 4 server generating the
"LDAP/redpoint.redpoint.int/redpoint.int@REDPOINT.INT" string or
whether it's my PC as it requests Group Policy (but you guys will know
the answer to this).

Regards, James Rhodes.
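
Added example (not part of the original message and not Samba project code): a Python check that extracts the principals a KDC log reports as "Server not found in database" and compares their host component with the DC name implied by the [global] section of smb.conf. It assumes the DC's DNS name is <netbios name>.<realm>; the smb.conf text and log lines are constructed from values quoted in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample input built from values quoted in the thread.
SMB_CONF = """\
[global]
   realm = redpoint.int
   netbios name = MAIN
"""
KDC_LOG = """\
Kerberos: Searching referral for redpoint.redpoint.int
Kerberos: Server not found in database: LDAP/redpoint.redpoint.int/redpoint.int@REDPOINT.INT: no such entry found in hdb
"""

def parse_global(conf_text):
    """Return the [global] parameters of an smb.conf, keys lower-cased."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

MISSING = re.compile(r"Server not found in database: (\S+?)@(\S+?):")
def missing_spns(log_text):
    """Return (service, host, realm) for each principal the KDC could not find."""
    found = []
    for m in MISSING.finditer(log_text):
        service, _, rest = m.group(1).partition("/")
        found.append((service, rest.split("/")[0], m.group(2)))
    return found

def check(conf_text, log_text):
    """List unresolved SPNs whose host or realm disagrees with smb.conf."""
    g = parse_global(conf_text)
    if "realm" not in g or "netbios name" not in g:
        return ["[global] lacks realm and/or netbios name"]
    # Assumption: the DC's DNS name is <netbios name>.<realm>.
    expected = f"{g['netbios name']}.{g['realm']}".lower()
    findings = []
    for service, host, realm in missing_spns(log_text):
        if realm.lower() != g["realm"].lower():
            findings.append(f"{service}/{host}: realm {realm} is not {g['realm']}")
        if host.lower() != expected:
            findings.append(f"{service}/{host}: host is not {expected}")
    return findings
```

Calling check(SMB_CONF, KDC_LOG) returns one finding per unresolved principal whose host or realm does not match; an empty list means every unresolved SPN at least names the expected DC.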

