[Samba] Samba 4 and gpo in win7

Matthieu Patou mat at samba.org
Fri May 13 14:22:50 MDT 2011

On 13/05/2011 20:34, Michael Wood wrote:
> On 13 May 2011 13:23, Kalle Pettersson<taetre at bredband.net>  wrote:
>> Hi!
>> Could access sysvol directory per default from xp and win7 machines.
>> Tried adding adding host msdfs = yes in smb.conf.
>> Afterwards non of the clients could access sysvol directory through explorer view.
> First, what path did you try to connect to exactly?  Assuming your
> server is called server.example.com, did you connect to \\SERVER\...
> or was it \\example.com\...?
you have to try \\domain.tld\ because that's the way client will do.

>> And still no gpo applying for win7 clients.
>> I´m kinda confused. Are gpo suppose to work with samba4 and win7?
>> It works perfect with my win xp clients.
> I think it is supposed to work, but I've not tried it.  I'm sure one
> of the Samba developers will say if it's not supposed to work.
Might be a bug (what a surprise ;-) ) in the dfs referal naming 
resolution, I really happy to help I just need more information.

Like a trace and the fact if you have more than 1 DC.

In short if you don't have host msdfs = yes, the client will revert to 
NT4 authentication when trying to access \\domain.tld\sysvol ... as the 
client can't do kerberos authentication on a domain SPN.

XP is quite ok with this degradation, w7 has some problems some time and 
tend to do unauthenticated mode which of course fail !

Starting samba in more verbose mode could help too (-d 4 should be good).

Matthieu Patou
Samba Team        http://samba.org
Private repo      http://git.samba.org/?p=mat/samba.git;a=summary

More information about the samba mailing list