Group Policy not working + other problems

James Rhodes jrhodes at
Mon Jul 18 02:59:09 MDT 2011

On Mon, Jul 18, 2011 at 6:05 PM, Matthieu Patou <mat at> wrote:
> On 18/07/2011 11:55, James Rhodes wrote:
>> On Mon, Jul 18, 2011 at 5:33 PM, James Rhodes
>> <jrhodes at>  wrote:
>>> On Sun, Jul 17, 2011 at 11:50 PM, Matthieu Patou<mat at>  wrote:
>>>> On 17/07/2011 14:42, James Rhodes wrote:
>>>>> smb.conf:
>>>>> ldbsearch output:
>>>>> Judging from the output of ldbsearch, the computer object is MAIN$
>>>>> (which fits in with the intended, while Samba 4
>>>>> seems to be looking for REDPOINT$.  This looks like it might be tying
>>>>> into the Kerberos querying problem above.
>>>> Your config is quite strange I don't know where you get it.
>>>> A config from a provision should look like:
>>>> [global]
>>>>    server role = domain controller
>>>>    workgroup = MATWS
>>>>    realm =
>>>>    netbios name = ARES
>>>>    private dir = /home/mat/workspace/samba/homematwsnet/private
>>>>    lock dir = /home/mat/workspace/samba/homematwsnet
>>>> So I would recommend to change the netbios name from REDPOINT to MAIN (as it
>>>> seems to be in your config) and to add realm= in the config
>>>> file.
>>> I think originally I had a smb.conf file from a provision when the
>>> realm was (way back before Alpha 13 that was
>>> though) and so I just used what was generated in that one to work out
>>> how to construct the smb.conf after I generated a new provision for
>>> (it was likely I just used the existing smb.conf because
>>> I wanted to keep all of my shares, not thinking about the [global]
>>> section at all).
>>> So anyway, this fixed the SPN update issue, but the Group Policy is
>>> still not working, with the output still being:
>>> Kerberos: TGS-REQ james-pc$@REDPOINT.INT from ipv4:
>>> for LDAP/ at REDPOINT.INT [renewable,
>>> forwardable]
>>> Kerberos: Searching referral for
>>> Kerberos: Server not found in database:
>>> LDAP/ at REDPOINT.INT: no such entry
>>> found in hdb
>>> Kerberos: Failed building TGS-REP to ipv4:
>>> Now I'm not sure whether it's the Samba 4 server generating the
>>> "LDAP/ at REDPOINT.INT" string or
>>> whether it's my PC as it requests Group Policy (but you guys will know
>>> the answer to this).
>> Actually Group Policy is now working on a machine that I just booted,
>> so I'm going to assume that it's simply a matter of time (either by
>> rebooting machines or cache timeouts) before Group Policy starts
>> working across all of them again.
> Well maybe you'll have to unjoin/rejoin as the computer still thinks that
> the server is called redpoint ...

Nope, it's all working now (even on this computer which I did not reboot).

Regards, James.
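
The two problems discussed in this thread (an smb.conf netbios name that differs from the computer object returned by ldbsearch, and a [global] section with no realm) can be checked mechanically. The following is an added example, not part of the original messages and not Samba's own code; the function names are hypothetical, and the smb.conf text, workgroup and realm value are constructed placeholders.

```python
def parse_global(conf_text):
    """Return the [global] parameters of an smb.conf as a dict.

    Samba ignores case and whitespace in section and parameter names,
    so keys are normalised ("netbios name" -> "netbiosname")."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.lower().split())] = value.strip()
    return params


def check_dc_identity(conf_text, directory_account):
    """Compare smb.conf with the computer object found by ldbsearch.

    directory_account is the sAMAccountName of the server's computer
    object, e.g. "MAIN$". Returns a list of findings (empty = consistent)."""
    g = parse_global(conf_text)
    findings = []
    name = g.get("netbiosname", "")
    if not name:
        # Without this parameter Samba falls back to the host name; compare by hand.
        findings.append("netbios name is not set in [global]")
    elif name.upper() + "$" != directory_account.upper():
        findings.append(f"netbios name {name} does not match directory account {directory_account}")
    if not g.get("realm"):
        findings.append("realm is missing or empty in [global]")
    return findings


# Constructed sample resembling the situation in the thread: name mismatch, no realm.
BROKEN = """
[global]
   server role = domain controller
   workgroup = EXAMPLE
   netbios name = REDPOINT
"""
# The same file after the suggested change (the realm value is a placeholder).
FIXED = BROKEN.replace("REDPOINT", "MAIN") + "   realm = EXAMPLE.TEST\n"

if __name__ == "__main__":
    for label, text in (("before", BROKEN), ("after", FIXED)):
        print(label, check_dc_identity(text, "MAIN$") or "consistent")
```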

More information about the samba-technical mailing list