[Samba] probably auth problem

Koleszár Ádám adam.koleszar at virtual-call-center.eu
Mon May 19 00:18:38 MDT 2014


A "little" correction. I said, if I stoped the DC1, then I could run the 
gpupdate without any problem. It's wrong. If I stoped DC2, I could run 
gpupdate without any problem, but If I stop DC1 gpupdate still failes. 
So something is wrong with the DC2.


2014-05-16 16:08 keltezéssel, Ádám Koleszár írta:
> Hi,
> I am using samba 4.1.7 as Domain Controller. Actually I have two samba 
> servers DC1 and DC2. DC1 is the primary DC and DC2 joined as another 
> DC. We use the Active Directory for a couple of weeks. The directory 
> replication works fine, and a sysvol replication works with rsync. (I 
> set it up based on the samba wiki). But I have a problem with the 
> authentication. If I log in to a windows machine (which is part of the 
> domain) I can reach all GPO's folder (and files included) on the 
> SYSVOL volume on DC1 but I can't reach on the DC2. The "authenticated 
> users" have read rights on GPO's folders but I can read just on DC1. 
> Then I stopped the DC1, restarted the windows and I could read the 
> GPO's directory on DC2.
> It looks like if I log in to the Windows I've been added to the 
> "authenticated users" group on just one of the domain controllers not 
> all of them. And it generates error when I am running gpupdate. If the 
> gpupdate tries to reach the GPO on different server than I logged in, 
> I got access denied. It happens on Win8. Win7 works fine. Maybe Win7 
> gets the GPO from the same DC every time and the Win8 selects 
> randomly. I think when I log in to the a Windows my user should be 
> added to the "authenticated users" group on all domain controllers.
> I tried "samba-tool ntacl sysvolreset" multiple times, haven't solved 
> the problem. The sysvol and every GPO folders' permissions are right, 
> there is read permission for the "authenticated users" group.
> What could be the problem? Am I doing something wrong or it's a bug? 
> Is anyone here that facing with this issue?
> By the way, how can I list the currently authenticated users on a 
> samba server?
> Thank You,
> Adam

More information about the samba mailing list