Group Policy not working + other problems

Matthieu Patou mat at samba.org
Mon Jul 18 02:05:59 MDT 2011


On 18/07/2011 11:55, James Rhodes wrote:
> On Mon, Jul 18, 2011 at 5:33 PM, James Rhodes
> <jrhodes at redpointsoftware.com.au>  wrote:
>> On Sun, Jul 17, 2011 at 11:50 PM, Matthieu Patou<mat at samba.org>  wrote:
>>> On 17/07/2011 14:42, James Rhodes wrote:
>>>> smb.conf:http://codepad.org/WmjkASIa
>>>> ldbsearch output:http://codepad.org/JokbT5mn
>>>>
>>>> Judging from the output of ldbsearch, the computer object is MAIN$
>>>> (which fits in with the intended main.redpoint.int), while Samba 4
>>>> seems to be looking for REDPOINT$.  This looks like it might be tying
>>>> into the Kerberos querying problem above.
>>> Your config is quite strange I don't know where you get it.
>>>
>>> A config from a provision should look like:
>>> [global]
>>>     server role = domain controller
>>>     workgroup = MATWS
>>>     realm = home.matws.net
>>>     netbios name = ARES
>>>     private dir = /home/mat/workspace/samba/homematwsnet/private
>>>     lock dir = /home/mat/workspace/samba/homematwsnet
>>>
>>> So I would recommand to change the netbios name from REPOINT to MAIN (as it
>>> seems to be in your config) and to add realm= repoint.int in the config
>>> file.
>> I think originally I had a smb.conf file from a provision when the
>> realm was roket-internal.int (way back before Alpha 13 that was
>> though) and so I just used what was generated in that one to work out
>> how to construct the smb.conf after I generated a new provision for
>> redpoint.int (it was likely I just used the existing smb.conf because
>> I wanted to keep all of my shares, not thinking about the [global]
>> section at all).
>>
>> So anyway, this fixed the SPN update issue, but the Group Policy is
>> still not working, with the output still being:
>>
>> Kerberos: TGS-REQ james-pc$@REDPOINT.INT from ipv4:192.168.1.84:59505
>> for LDAP/redpoint.redpoint.int/redpoint.int at REDPOINT.INT [renewable,
>> forwardable]
>> Kerberos: Searching referral for redpoint.redpoint.int
>> Kerberos: Server not found in database:
>> LDAP/redpoint.redpoint.int/redpoint.int at REDPOINT.INT: no such entry
>> found in hdb
>> Kerberos: Failed building TGS-REP to ipv4:192.168.1.84:59505
>>
>> Now I'm not sure whether it's the Samba 4 server generating the
>> "LDAP/redpoint.redpoint.int/redpoint.int at REDPOINT.INT" string or
>> whether it's my PC as it requests Group Policy (but you guys will know
>> the answer to this).
> Actually Group Policy is now working on a machine that I just booted,
> so I'm going to assume that it's simply a matter of time (either by
> rebooting machines or cache timeouts) before Group Policy starts
> working across all of them again.
Well maybe you'll have to unjoin/rejoin as the computer still thinks 
that the server is called redpoint ...

Matthieu.

-- 
Matthieu Patou
Samba Team        http://samba.org
Private repo      http://git.samba.org/?p=mat/samba.git;a=summary




More information about the samba-technical mailing list