Group Policy not working + other problems

Matthieu Patou mat at
Mon Jul 18 02:05:59 MDT 2011

On 18/07/2011 11:55, James Rhodes wrote:
> On Mon, Jul 18, 2011 at 5:33 PM, James Rhodes
> <jrhodes at>  wrote:
>> On Sun, Jul 17, 2011 at 11:50 PM, Matthieu Patou<mat at>  wrote:
>>> On 17/07/2011 14:42, James Rhodes wrote:
>>>> smb.conf:
>>>> ldbsearch output:
>>>> Judging from the output of ldbsearch, the computer object is MAIN$
>>>> (which fits in with the intended, while Samba 4
>>>> seems to be looking for REDPOINT$.  This looks like it might be tying
>>>> into the Kerberos querying problem above.
>>> Your config is quite strange; I don't know where you got it.
>>> A config from a provision should look like:
>>> [global]
>>>     server role = domain controller
>>>     workgroup = MATWS
>>>     realm =
>>>     netbios name = ARES
>>>     private dir = /home/mat/workspace/samba/homematwsnet/private
>>>     lock dir = /home/mat/workspace/samba/homematwsnet
>>> So I would recommend to change the netbios name from REDPOINT to MAIN (as it
>>> seems to be in your config) and to add realm= in the config
>>> file.
>> I think originally I had a smb.conf file from a provision when the
>> realm was (way back before Alpha 13 that was
>> though) and so I just used what was generated in that one to work out
>> how to construct the smb.conf after I generated a new provision for
>> (it was likely I just used the existing smb.conf because
>> I wanted to keep all of my shares, not thinking about the [global]
>> section at all).
>> So anyway, this fixed the SPN update issue, but the Group Policy is
>> still not working, with the output still being:
>> Kerberos: TGS-REQ james-pc$@REDPOINT.INT from ipv4:
>> for LDAP/ at REDPOINT.INT [renewable,
>> forwardable]
>> Kerberos: Searching referral for
>> Kerberos: Server not found in database:
>> LDAP/ at REDPOINT.INT: no such entry
>> found in hdb
>> Kerberos: Failed building TGS-REP to ipv4:
>> Now I'm not sure whether it's the Samba 4 server generating the
>> "LDAP/ at REDPOINT.INT" string or
>> whether it's my PC as it requests Group Policy (but you guys will know
>> the answer to this).
> Actually Group Policy is now working on a machine that I just booted,
> so I'm going to assume that it's simply a matter of time (either by
> rebooting machines or cache timeouts) before Group Policy starts
> working across all of them again.
Well maybe you'll have to unjoin/rejoin as the computer still thinks 
that the server is called redpoint ...


Matthieu Patou
Samba Team
Private repo;a=summary
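
Added example, not part of the original message or of Samba's own code: a small check for the mismatch diagnosed in this thread, comparing the netbios name and realm in the [global] section of smb.conf with the machine accounts in the directory. It assumes the directory data is LDIF text with sAMAccountName attributes, as ldbsearch prints it; the function names, the sample data and the EXAMPLE.TEST realm are constructed for illustration.

```python
import re

def global_settings(smb_conf_text):
    """Return the [global] parameters of an smb.conf as {lower-cased name: value}."""
    section, params = None, {}
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[" ".join(name.lower().split())] = value.strip()
    return params

def computer_accounts(ldif_text):
    """Collect machine account names (ending in '$') from LDIF text."""
    pattern = r"(?im)^sAMAccountName:[ \t]*(\S+\$)[ \t]*$"
    return {m.group(1).upper() for m in re.finditer(pattern, ldif_text)}

def check(smb_conf_text, ldif_text):
    """List mismatches between smb.conf [global] and the directory's machine accounts."""
    params = global_settings(smb_conf_text)
    accounts = computer_accounts(ldif_text)
    problems = []
    name = params.get("netbios name", "").upper()
    if not name:
        problems.append("netbios name is not set in [global], nothing to compare")
    elif name + "$" not in accounts:
        problems.append(f"no computer object {name}$ (directory has {sorted(accounts)})")
    if not params.get("realm"):
        problems.append("realm is not set in [global]")
    return problems

# Constructed sample data; EXAMPLE.TEST is a placeholder realm.
LDIF = "dn: CN=MAIN,OU=Domain Controllers,DC=example,DC=test\nsAMAccountName: MAIN$\n"
BEFORE = "[global]\n    server role = domain controller\n    netbios name = REDPOINT\n"
AFTER = BEFORE.replace("REDPOINT", "MAIN") + "    realm = EXAMPLE.TEST\n"

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, check(conf, LDIF) or "consistent")
```
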

More information about the samba-technical mailing list