[Samba] Samba 4 and gpo in win7

L.P.H. van Belle belle at bazuin.nl
Fri Jun 3 02:10:25 MDT 2011 

Hai Mat, 

It how the naming is used... 

a domain called demo.samba4.corp and a DC inside called dc1 with IP address 1.2.3.4
>The following will work:
>* \\1.2.3.4\sysvol
>* \\dc1.demo.samba4.corp\sysvol

Yes it does, but gain. 

in this example the domain is: samba4.corp
the subdomain is : demo
and the host is : dc1 

the domainname is not : dc1.demo.samba4.corp 
and again : your personal domain called: home.matws.net.
no.. you domain is matws.net with subdomain home. 

People get confused if naming isn't correcty used. 

Nice how you explained the working of DFS, thats very informational for samba users. 

and yes, i should be clearer by what i ment, sorry for that. 

Louis



>-----Oorspronkelijk bericht-----
>Van: mat at samba.org [mailto:samba-bounces at lists.samba.org] 
>Namens Matthieu Patou
>Verzonden: 2011-06-03 09:59
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] Samba 4 and gpo in win7
>
>Hello Louis,
>On 03/06/2011 10:57, L.P.H. van Belle wrote:
>> in your example
>>
>>> Accessing sysvol works through: \\ip\sysvol 
>and>\\dc.domain_name\sysvol
>> 					^^^^^^^^		
>  ^^^^^^^^^^^^^^^^
>> 					Ipadres		  
>Hostname.domainname_local
>>
>>> Doesn´t work through \\domainname\sysvol
>> 			^^^^^^^^^^^^^^
>> 			expected here is \\hostname
>> 			\\domainname is a no go.
>Your email is cryptic at best, what's the sense of your remarks ?
>I persists to say that if you have a domain called 
>demo.samba4.corp and 
>a DC inside called dc1 with IP address 1.2.3.4
>The following will work:
>* \\1.2.3.4\sysvol
>* \\dc1.demo.samba4.corp\sysvol
>
>If you activate the option "host msdfs" in the global section of 
>smb.conf then the following will work as well:
>* \\demo.samba4.corp\sysvol
>
>And that's the way group policy tools (gpmc.msc) stores GPO 
>informations 
>in the Active Directory Database. Check the example bellow with my 
>personal domain called home.matws.net.
>
>
>./bin/ldbsearch -H ~/workspace//samba/homematwsnet/private/sam.ldb -b 
>"CN=Policies,CN=System,DC=home,DC=matws,DC=net" '(gPCFileSysPath=*)' 
>gPCFileSysPath
># record 1
>dn: 
>CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System
>,DC=home,DC=matws,DC=net
>gPCFileSysPath: 
>\\home.matws.net\sysvol\home.matws.net\Policies\{6AC1786C-016F
>  -11D2-945F-00C04FB984F9}
>
># record 2
>dn: 
>CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System
>,DC=home,DC=matws,DC=net
>gPCFileSysPath: 
>\\home.matws.net\sysvol\home.matws.net\Policies\{31B2F340-016D
>  -11D2-945F-00C04FB984F9}
>
># record 3
>dn: 
>CN={D1A937AB-7413-4E0D-ABF1-CBE9A3730C66},CN=Policies,CN=System
>,DC=home,DC=matws,DC=net
>gPCFileSysPath: 
>\\home.matws.net\SysVol\home.matws.net\Policies\{D1A937AB-7413
>  -4E0D-ABF1-CBE9A3730C66}
>
># record 4
>dn: 
>CN={83AC0057-21E3-40E6-97EE-30C1D49498B6},CN=Policies,CN=System
>,DC=home,DC=matws,DC=net
>gPCFileSysPath: 
>\\home.matws.net\SysVol\home.matws.net\Policies\{83AC0057-21E3
>  -40E6-97EE-30C1D49498B6}
>
>
>For those who are interested, windows clients will check if the DC to 
>which they are connected support DFS, if so client will start 
>a DFS name 
>resolution protocol to be able to translate \\domainname.tld\sysvol to 
>\\dcname.domainname.tld\sysvol.
>
>So if the DC support DFS, the client will first send a request to get 
>all the domain supported by the DC, then client will check if in the 
>list there is its domain (in a 1 domain forest that's obvious but in a 
>multidomain forest it can be not so obvious). If so it will 
>ask this DC 
>for the list of DCs for this domain, the list is sorted by 
>cost so that 
>the first one are the closest (in the same windows site or in the site 
>with the smallest connection cost). Client will pick the first 
>DC in the 
>list and will then ask it for the list of servers that hosts 
>the sysvol 
>share. The DC will return the list of network path for accessing this 
>resource.
>
>
>More details are available to MS-DFSC.pdf.
>
>Matthieu.
>
>
>> Louis
>>
>>> -----Oorspronkelijk bericht-----
>>> Van: kalle at zimbra.inputinterior.se
>>> [mailto:samba-bounces at lists.samba.org] Namens Kalle Pettersson
>>> Verzonden: 2011-05-20 16:51
>>> Aan: mat at samba.org
>>> CC: samba at lists.samba.org
>>> Onderwerp: Re: [Samba] Samba 4 and gpo in win7
>>>
>>> Hello!
>>>
>>> Attached a trace file while running gpupdate.
>>>
>>> Accessing sysvol works through: \\ip\sysvol and
>>> \\dc.domain_name\sysvol
>>> Doesn´t work through \\domainname\sysvol
>>>
>>>
>>>
>>>
>>>
>>> ----- Ursprungligt meddelande -----
>>>
>>> Från: "Matthieu Patou"<mat at samba.org>
>>> Till: samba at lists.samba.org, "samba-technical"
>>> <samba-technical at lists.samba.org>
>>> Skickat: torsdag, 19 maj 2011 15:31:34
>>> Ämne: Re: [Samba] Samba 4 and gpo in win7
>>>
>>> On 12/05/2011 11:21, taetre at bredband.net wrote:
>>>> Hello!
>>>>
>>>> Having an issue with getting gpo to apply for my win7
>>>> clients.
>>>>
>>>> Running samba4.
>>>>
>>>> Creating gpo with gpmc and they are created
>>>> under var/locks/sysvol/"mydomain"/policies
>>>>
>>>> They applies just perfect
>>>> on win xp clients but when trying on win7 clients they just
>>> won´t apply.
>>>>
>>>> When runnin gpupdate /force we get this(summary):
>>>>
>>> So I pushed a few fixes in the Git tree of samba and made a
>>> lot of tests
>>> about this.
>>> First you need:
>>> host msdfs = yes in the [global] part of your configuration.
>>>
>>> Then reboot XP / windows7.
>>>
>>> Try to access \\domain.tld\sysvol and also navigate inside it.
>>> If it works it means that dfs for sysvol is working in most
>>> the case it
>>> will solve Windows7 problems with fetching the GPO.
>>>
>>> If not make trace from the samba server and send us for
>>> analysis, trace
>>> can be done like this: tcpdump -i any host ip_of_the_client -s
>>> 16000 -w
>>> /tmp/trace.pcap.
>>>
>>> Matthieu.
>>>
>>>
>>>
>>>
>>> -- 
>>> Matthieu Patou
>>> Samba Team http://samba.org
>>> Private repo http://git.samba.org/?p=mat/samba.git;a=summary
>>>
>>>
>>> -- 
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>> -- 
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>
>
>-- 
>Matthieu Patou
>Samba Team        http://samba.org
>Private repo      http://git.samba.org/?p=mat/samba.git;a=summary
>
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list