Group Policy not working + other problems

James Rhodes jrhodes at redpointsoftware.com.au
Mon Jul 18 01:55:39 MDT 2011


On Mon, Jul 18, 2011 at 5:33 PM, James Rhodes
<jrhodes at redpointsoftware.com.au> wrote:
> On Sun, Jul 17, 2011 at 11:50 PM, Matthieu Patou <mat at samba.org> wrote:
>> On 17/07/2011 14:42, James Rhodes wrote:
>>>
>>> smb.conf: http://codepad.org/WmjkASIa
>>> ldbsearch output: http://codepad.org/JokbT5mn
>>>
>>> Judging from the output of ldbsearch, the computer object is MAIN$
>>> (which fits in with the intended main.redpoint.int), while Samba 4
>>> seems to be looking for REDPOINT$.  This looks like it might be tying
>>> into the Kerberos querying problem above.
>>
>> Your config is quite strange; I don't know where you got it.
>>
>> A config from a provision should look like:
>> [global]
>>    server role = domain controller
>>    workgroup = MATWS
>>    realm = home.matws.net
>>    netbios name = ARES
>>    private dir = /home/mat/workspace/samba/homematwsnet/private
>>    lock dir = /home/mat/workspace/samba/homematwsnet
>>
>> So I would recommend to change the netbios name from REPOINT to MAIN (as it
>> seems to be in your config) and to add realm = repoint.int in the config
>> file.
>
> I think originally I had a smb.conf file from a provision when the
> realm was roket-internal.int (way back before Alpha 13 that was
> though) and so I just used what was generated in that one to work out
> how to construct the smb.conf after I generated a new provision for
> redpoint.int (it was likely I just used the existing smb.conf because
> I wanted to keep all of my shares, not thinking about the [global]
> section at all).
>
> So anyway, this fixed the SPN update issue, but the Group Policy is
> still not working, with the output still being:
>
> Kerberos: TGS-REQ james-pc$@REDPOINT.INT from ipv4:192.168.1.84:59505
> for LDAP/redpoint.redpoint.int/redpoint.int@REDPOINT.INT [renewable,
> forwardable]
> Kerberos: Searching referral for redpoint.redpoint.int
> Kerberos: Server not found in database:
> LDAP/redpoint.redpoint.int/redpoint.int@REDPOINT.INT: no such entry
> found in hdb
> Kerberos: Failed building TGS-REP to ipv4:192.168.1.84:59505
>
> Now I'm not sure whether it's the Samba 4 server generating the
> "LDAP/redpoint.redpoint.int/redpoint.int@REDPOINT.INT" string or
> whether it's my PC as it requests Group Policy (but you guys will know
> the answer to this).

Actually Group Policy is now working on a machine that I just booted,
so I'm going to assume that it's simply a matter of time (either by
rebooting machines or cache timeouts) before Group Policy starts
working across all of them again.

Thanks for the help everyone!

Regards, James Rhodes.
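
The two checks discussed in this thread, as an added example that is not part of the original messages or of Samba: compare the [global] section of smb.conf with the DC's computer object, and list hosts from failed KDC service-principal lookups that differ from the DC's own name. The function names and the sample config and log text are assumptions, constructed from the values quoted above.

```python
import re

def parse_global(conf_text):
    """Collect [global] parameters; smb.conf names ignore case and extra spaces."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check_dc_identity(conf_text, dc_account):
    """dc_account: sAMAccountName of the DC's computer object from ldbsearch."""
    p = parse_global(conf_text)
    findings = []
    if "realm" not in p:
        findings.append("realm missing from [global]")
    name = p.get("netbios name", "")
    if name.upper() + "$" != dc_account.upper():
        findings.append(f"netbios name {name or '(unset)'} != computer object {dc_account}")
    return findings

SPN_MISS = re.compile(r"Server not found in database:\s*([^/\s]+)/([^/@\s]+)")

def stale_spn_hosts(kdc_log, conf_text):
    """Hosts in failed TGS lookups that are not this DC's <netbios name>.<realm>."""
    p = parse_global(conf_text)
    fqdn = f"{p.get('netbios name', '')}.{p.get('realm', '')}".lower()
    return sorted({m.group(2).lower() for m in SPN_MISS.finditer(kdc_log)} - {fqdn})

# Constructed samples modelled on the thread (not the poster's actual files).
OLD_CONF = "[global]\n  server role = domain controller\n  netbios name = REDPOINT\n"
NEW_CONF = ("[global]\n  server role = domain controller\n  realm = redpoint.int\n"
            "  netbios name = MAIN\n")
KDC_LOG = ("Kerberos: Server not found in database: "
           "LDAP/redpoint.redpoint.int/redpoint.int@REDPOINT.INT: no such entry found in hdb\n")

if __name__ == "__main__":
    print(check_dc_identity(OLD_CONF, "MAIN$"))
    print(check_dc_identity(NEW_CONF, "MAIN$"))
    print(stale_spn_hosts(KDC_LOG, NEW_CONF))
```

A host that still appears in `stale_spn_hosts` after the config is corrected points at requests built from the old name, which matches the behaviour reported above where a freshly booted machine worked.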


More information about the samba-technical mailing list