[Samba] Samba 4 and gpo in win7

Kalle Pettersson taetre at bredband.net
Mon May 16 02:50:11 MDT 2011 

Attached a wireshark file with captures during a gpupdate from a win7 client. 

In fact we have more then one DC. 

All of the times when trying to access sysvol folder I´v tried through \\"ip-nr"\sysvol and not through \\"domain.com"\sysvol. Through \\"domain.com"\sysvol I cannot access sysvol. 
Is it must to access it that way? Or is it me that getting this all wrong? 





----- Ursprungligt meddelande -----

Från: "Matthieu Patou" <mat at samba.org> 
Till: samba at lists.samba.org 
Skickat: fredag, 13 maj 2011 22:22:50 
Ämne: Re: [Samba] Samba 4 and gpo in win7 

On 13/05/2011 20:34, Michael Wood wrote: 
> On 13 May 2011 13:23, Kalle Pettersson<taetre at bredband.net> wrote: 
>> Hi! 
>> 
>> Could access sysvol directory per default from xp and win7 machines. 
>> 
>> Tried adding adding host msdfs = yes in smb.conf. 
>> 
>> Afterwards non of the clients could access sysvol directory through explorer view. 
> First, what path did you try to connect to exactly? Assuming your 
> server is called server.example.com, did you connect to \\SERVER\... 
> or was it \\example.com\...? 
you have to try \\domain.tld\ because that's the way client will do. 

>> And still no gpo applying for win7 clients. 
>> 
>> I´m kinda confused. Are gpo suppose to work with samba4 and win7? 
>> It works perfect with my win xp clients. 
> I think it is supposed to work, but I've not tried it. I'm sure one 
> of the Samba developers will say if it's not supposed to work. 
Might be a bug (what a surprise ;-) ) in the dfs referal naming 
resolution, I really happy to help I just need more information. 

Like a trace and the fact if you have more than 1 DC. 

In short if you don't have host msdfs = yes, the client will revert to 
NT4 authentication when trying to access \\domain.tld\sysvol ... as the 
client can't do kerberos authentication on a domain SPN. 

XP is quite ok with this degradation, w7 has some problems some time and 
tend to do unauthenticated mode which of course fail ! 

Starting samba in more verbose mode could help too (-d 4 should be good). 


Matthieu 
-- 
Matthieu Patou 
Samba Team http://samba.org 
Private repo http://git.samba.org/?p=mat/samba.git;a=summary 


-- 
To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba

More information about the samba mailing list