[Samba] probably auth problem
Ádám Koleszár
adam.koleszar at virtual-call-center.eu
Fri May 16 08:08:42 MDT 2014
Hi,
I am using samba 4.1.7 as Domain Controller. Actually I have two samba
servers DC1 and DC2. DC1 is the primary DC and DC2 joined as another DC.
We use the Active Directory for a couple of weeks. The directory
replication works fine, and a sysvol replication works with rsync. (I
set it up based on the samba wiki). But I have a problem with the
authentication. If I log in to a windows machine (which is part of the
domain) I can reach all GPO's folder (and files included) on the SYSVOL
volume on DC1 but I can't reach on the DC2. The "authenticated users"
have read rights on GPO's folders but I can read just on DC1. Then I
stopped the DC1, restarted the windows and I could read the GPO's
directory on DC2.
It looks like if I log in to the Windows I've been added to the
"authenticated users" group on just one of the domain controllers not
all of them. And it generates error when I am running gpupdate. If the
gpupdate tries to reach the GPO on different server than I logged in, I
got access denied. It happens on Win8. Win7 works fine. Maybe Win7 gets
the GPO from the same DC every time and the Win8 selects randomly. I
think when I log in to the a Windows my user should be added to the
"authenticated users" group on all domain controllers.
I tried "samba-tool ntacl sysvolreset" multiple times, haven't solved
the problem. The sysvol and every GPO folders' permissions are right,
there is read permission for the "authenticated users" group.
What could be the problem? Am I doing something wrong or it's a bug? Is
anyone here that facing with this issue?
By the way, how can I list the currently authenticated users on a samba
server?
Thank You,
Adam
More information about the samba
mailing list