[Samba] Samba 4 and gpo in win7

Matthieu Patou mat at samba.org
Thu May 19 07:17:42 MDT 2011

On 16/05/2011 12:50, Kalle Pettersson wrote:
> Attached a wireshark file with captures during a gpupdate from a win7 client.
> In fact we have more then one DC.
> All of the times when trying to access sysvol folder I´v tried through \\"ip-nr"\sysvol and not through \\"domain.com"\sysvol. Through \\"domain.com"\sysvol I cannot access sysvol.

You seems to have a big problem in your DNS configuration as you are not 
even doing SMB calls, and looking at DNS problems it's quite clear.

You had to fix them before being able to move forward.

> Is it must to access it that way? Or is it me that getting this all wrong?
> ----- Ursprungligt meddelande -----
> Från: "Matthieu Patou"<mat at samba.org>
> Till: samba at lists.samba.org
> Skickat: fredag, 13 maj 2011 22:22:50
> Ämne: Re: [Samba] Samba 4 and gpo in win7
> On 13/05/2011 20:34, Michael Wood wrote:
>> On 13 May 2011 13:23, Kalle Pettersson<taetre at bredband.net>  wrote:
>>> Hi!
>>> Could access sysvol directory per default from xp and win7 machines.
>>> Tried adding adding host msdfs = yes in smb.conf.
>>> Afterwards non of the clients could access sysvol directory through explorer view.
>> First, what path did you try to connect to exactly? Assuming your
>> server is called server.example.com, did you connect to \\SERVER\...
>> or was it \\example.com\...?
> you have to try \\domain.tld\ because that's the way client will do.
>>> And still no gpo applying for win7 clients.
>>> I´m kinda confused. Are gpo suppose to work with samba4 and win7?
>>> It works perfect with my win xp clients.
>> I think it is supposed to work, but I've not tried it. I'm sure one
>> of the Samba developers will say if it's not supposed to work.
> Might be a bug (what a surprise ;-) ) in the dfs referal naming
> resolution, I really happy to help I just need more information.
> Like a trace and the fact if you have more than 1 DC.
> In short if you don't have host msdfs = yes, the client will revert to
> NT4 authentication when trying to access \\domain.tld\sysvol ... as the
> client can't do kerberos authentication on a domain SPN.
> XP is quite ok with this degradation, w7 has some problems some time and
> tend to do unauthenticated mode which of course fail !
> Starting samba in more verbose mode could help too (-d 4 should be good).
> Matthieu

Matthieu Patou
Samba Team        http://samba.org
Private repo      http://git.samba.org/?p=mat/samba.git;a=summary

More information about the samba mailing list