Group Policy not working + other problems
James Rhodes
jrhodes at redpointsoftware.com.au
Mon Jul 18 02:59:09 MDT 2011
On Mon, Jul 18, 2011 at 6:05 PM, Matthieu Patou <mat at samba.org> wrote:
> On 18/07/2011 11:55, James Rhodes wrote:
>>
>> On Mon, Jul 18, 2011 at 5:33 PM, James Rhodes
>> <jrhodes at redpointsoftware.com.au> wrote:
>>>
>>> On Sun, Jul 17, 2011 at 11:50 PM, Matthieu Patou<mat at samba.org> wrote:
>>>>
>>>> On 17/07/2011 14:42, James Rhodes wrote:
>>>>>
>>>>> smb.conf:http://codepad.org/WmjkASIa
>>>>> ldbsearch output:http://codepad.org/JokbT5mn
>>>>>
>>>>> Judging from the output of ldbsearch, the computer object is MAIN$
>>>>> (which fits in with the intended main.redpoint.int), while Samba 4
>>>>> seems to be looking for REDPOINT$. This looks like it might be tying
>>>>> into the Kerberos querying problem above.
>>>>
>>>> Your config is quite strange I don't know where you get it.
>>>>
>>>> A config from a provision should look like:
>>>> [global]
>>>> server role = domain controller
>>>> workgroup = MATWS
>>>> realm = home.matws.net
>>>> netbios name = ARES
>>>> private dir = /home/mat/workspace/samba/homematwsnet/private
>>>> lock dir = /home/mat/workspace/samba/homematwsnet
>>>>
>>>> So I would recommand to change the netbios name from REPOINT to MAIN (as
>>>> it
>>>> seems to be in your config) and to add realm= repoint.int in the config
>>>> file.
>>>
>>> I think originally I had a smb.conf file from a provision when the
>>> realm was roket-internal.int (way back before Alpha 13 that was
>>> though) and so I just used what was generated in that one to work out
>>> how to construct the smb.conf after I generated a new provision for
>>> redpoint.int (it was likely I just used the existing smb.conf because
>>> I wanted to keep all of my shares, not thinking about the [global]
>>> section at all).
>>>
>>> So anyway, this fixed the SPN update issue, but the Group Policy is
>>> still not working, with the output still being:
>>>
>>> Kerberos: TGS-REQ james-pc$@REDPOINT.INT from ipv4:192.168.1.84:59505
>>> for LDAP/redpoint.redpoint.int/redpoint.int at REDPOINT.INT [renewable,
>>> forwardable]
>>> Kerberos: Searching referral for redpoint.redpoint.int
>>> Kerberos: Server not found in database:
>>> LDAP/redpoint.redpoint.int/redpoint.int at REDPOINT.INT: no such entry
>>> found in hdb
>>> Kerberos: Failed building TGS-REP to ipv4:192.168.1.84:59505
>>>
>>> Now I'm not sure whether it's the Samba 4 server generating the
>>> "LDAP/redpoint.redpoint.int/redpoint.int at REDPOINT.INT" string or
>>> whether it's my PC as it requests Group Policy (but you guys will know
>>> the answer to this).
>>
>> Actually Group Policy is now working on a machine that I just booted,
>> so I'm going to assume that it's simply a matter of time (either by
>> rebooting machines or cache timeouts) before Group Policy starts
>> working across all of them again.
>
> Well maybe you'll have to unjoin/rejoin as the computer still thinks that
> the server is called redpoint ...
Nope, it's all working now (even on this computer which I did not reboot).
Regards, James.
More information about the samba-technical
mailing list