[Samba] Group Policy failures related to machine password replication

Arthur Ramsey arthur_ramsey at mediture.com
Tue Sep 16 12:53:44 MDT 2014


I noticed on my last example it was accessing a different share, but the 
output seems the same as M3074$ except the chdir line is omitted.  
Anyone have ideas how to troubleshoot this.  I *can't* understand why 
this computer accounts can't access the computer GPOs.  I don't see 
indication of authentication failure, so access should be granted by the 
ACL for AUTHENTICATED USERS.

On 09/12/2014 02:13 PM, Arthur Ramsey wrote:
> Here is a compassion to working account.  The group membership is the 
> same.  It seems like it must be an authentication failure for 
> MEDITURE\M3074$?  These machines don't experience any trust 
> relationship errors when users login though.
> [2014/09/12 14:10:39.701192,  3] ../source3/smbd/service.c:856(make_connection_snum)
>    192.168.222.145 (ipv4:192.168.222.145:53319) connect to service IPC$ initially as user MEDITURE\M3101$ (uid=3000035, gid=3000013) (pid 19437)
> On 09/12/2014 02:05 PM, Arthur Ramsey wrote:
>> It appears I didn't troubleshoot correctly.
>>
>> The failed access attempts with the type command were attempts to 
>> login with guest.  Once I reset the machine account it tries to login 
>> with my account just for the domain controller used with netdom, 
>> which succeeds.  I captured debugging on DC02 while I ran gpupdate 
>> /force.
>> [2014/09/12 13:50:39.999633,  2] ../source3/smbd/service.c:856(make_connection_snum)
>>    192.168.222.194 (ipv4:192.168.222.194:50493) connect to service sysvol initially as user MEDITURE\M3074$ (uid=3000054, gid=3000013) (pid 18300)
>> [2014/09/12 13:50:40.001854,  3] ../source3/smbd/service.c:197(set_current_service)
>>    chdir (/usr/local/samba/var/locks/sysvol) failed, reason: Permission denied
>> I still don't know why these machine accounts are denied.
>> getfacl: Removing leading '/' from absolute path names
>> # file: usr/local/samba/var/locks/sysvol/mediture.dom/Policies/{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}/GPT.INI
>> # owner: 3000000
>> # group: MEDITURE\134Domain\040Admins
>> user::rwx
>> user:3000009:r-x
>> user:3000040:rwx
>> user:3000070:rwx
>> user:3000071:r-x
>> group::rwx
>> group:MEDITURE\134Domain\040Admins:rwx
>> group:3000009:r-x
>> group:MEDITURE\134Enterprise\040Admins:rwx
>> group:3000070:rwx
>> group:3000071:r-x
>> mask::rwx
>> other::---
>> On 09/12/2014 12:36 PM, Arthur Ramsey wrote:
>>> We are using Samba-4.1.11.
>>>
>>> I can run gpupdate /force without error on my machine.
>>> H:\>type \\dc01.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> [General]
>>> Version=65551
>>> displayName=New Group Policy Object
>>>
>>> H:\>type \\dc02.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> [General]
>>> Version=65551
>>> displayName=New Group Policy Object
>>>
>>> H:\>type \\dc03.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> [General]
>>> Version=65551
>>> displayName=New Group Policy Object
>>>
>>> H:\>type \\dc04.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> [General]
>>> Version=65551
>>> displayName=New Group Policy Object
>>> On several other machines in the same OU the computer GPOs fail.
>>> C:\Windows\system32>gpupdate /force
>>> Updating Policy...
>>>
>>> User Policy update has completed successfully.
>>> Computer policy could not be updated successfully. The following errors were encountered:
>>>
>>> The processing of Group Policy failed. Windows attempted to read the file \\mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
>>> a) Name Resolution/Network Connectivity to the current domain controller.
>>> b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
>>> c) The Distributed File System (DFS) client has been disabled.
>>>
>>> To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.
>>> Event details indicate the file is accessed from DC02 as I expected 
>>> due to AD Sites configuration.  If I reset the machine account using 
>>> netdom against DC02 then I can access the file on DC02, but not the 
>>> other domain controllers.
>>> C:\Windows\system32>netdom resetpwd /server:dc01.mediture.dom /ud:MEDITURE\arthurr /pd:*
>>> [...]
>>>
>>> C:\Windows\system32>type \\dc01.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> type \\dc01.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> [General]
>>> Version=65551
>>> displayName=New Group Policy Object
>>>
>>> C:\Windows\system32>type \\dc02.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> type \\dc02.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> Access is denied.
>>>
>>> C:\Windows\system32>type \\dc03.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> type \\dc03.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> Access is denied.
>>>
>>> C:\Windows\system32>type \\dc04.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> type \\dc04.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> Access is denied.
>>>
>>> C:\Windows\system32>netdom resetpwd /server:dc02.mediture.dom /ud:MEDITURE\arthurr /pd:*
>>> [...]
>>>
>>> C:\Windows\system32>type \\dc01.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> type \\dc01.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> Access is denied.
>>>
>>> C:\Windows\system32>type \\dc02.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> type \\dc02.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> [General]
>>> Version=65551
>>> displayName=New Group Policy Object
>>>
>>> C:\Windows\system32>type \\dc03.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> type \\dc03.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> Access is denied.
>>>
>>> C:\Windows\system32>type \\dc04.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> type \\dc04.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> Access is denied.
>>>
>>> C:\Windows\system32>netdom resetpwd /server:dc03.mediture.dom /ud:MEDITURE\arthurr /pd:*
>>> [...]
>>>
>>> C:\Windows\system32>type \\dc01.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> type \\dc01.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> Access is denied.
>>>
>>> C:\Windows\system32>type \\dc02.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> type \\dc02.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> Access is denied.
>>>
>>> C:\Windows\system32>type \\dc03.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> type \\dc03.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> [General]
>>> Version=65551
>>> displayName=New Group Policy Object
>>>
>>> C:\Windows\system32>type \\dc04.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> type \\dc04.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> Access is denied.
>>>
>>> C:\Windows\system32>netdom resetpwd /server:dc04.mediture.dom /ud:MEDITURE\arthurr /pd:*
>>> [...]
>>>
>>> C:\Windows\system32>type \\dc01.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> type \\dc01.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> Access is denied.
>>>
>>> C:\Windows\system32>type \\dc02.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> type \\dc02.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> Access is denied.
>>>
>>> C:\Windows\system32>type \\dc03.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> type \\dc03.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> Access is denied.
>>>
>>> C:\Windows\system32>type \\dc04.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> type \\dc04.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini
>>> I use rsync to sync the sysvol folder across domain controllers.  
>>> I've also reset the access lists on all controllers using samba-tool 
>>> ntacl sysvolreset.
>>>
>>> I don't observe any DRS errors or errors in the samba log.
>>> samba-tool drs showrepl
>>> Default\DC01
>>> DSA Options: 0x00000001
>>> DSA object GUID: da9bb168-47a0-4368-aff3-bf06d1b869d2
>>> DSA invocationId: 58439028-5404-4b55-b267-671e626644b9
>>>
>>> ==== INBOUND NEIGHBORS ====
>>>
>>> DC=DomainDnsZones,DC=mediture,DC=dom
>>> 	EP\DC02 via RPC
>>> 		DSA object GUID: 9febf392-a39d-4d92-b4d3-4d818a1ce807
>>> 		Last attempt @ Fri Sep 12 11:53:42 2014 CDT was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ Fri Sep 12 11:53:42 2014 CDT
>>>
>>> DC=DomainDnsZones,DC=mediture,DC=dom
>>> 	Default\DC03 via RPC
>>> 		DSA object GUID: 248a73b1-ffa5-46dd-bc4d-c468bf6bfead
>>> 		Last attempt @ Fri Sep 12 11:53:42 2014 CDT was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ Fri Sep 12 11:53:42 2014 CDT
>>>
>>> DC=DomainDnsZones,DC=mediture,DC=dom
>>> 	AWS\DC04 via RPC
>>> 		DSA object GUID: 97060bd3-0286-4417-b06d-83152aa06c4c
>>> 		Last attempt @ Fri Sep 12 11:53:43 2014 CDT was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ Fri Sep 12 11:53:43 2014 CDT
>>>
>>> DC=ForestDnsZones,DC=mediture,DC=dom
>>> 	EP\DC02 via RPC
>>> 		DSA object GUID: 9febf392-a39d-4d92-b4d3-4d818a1ce807
>>> 		Last attempt @ Fri Sep 12 11:53:43 2014 CDT was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ Fri Sep 12 11:53:43 2014 CDT
>>>
>>> DC=ForestDnsZones,DC=mediture,DC=dom
>>> 	Default\DC03 via RPC
>>> 		DSA object GUID: 248a73b1-ffa5-46dd-bc4d-c468bf6bfead
>>> 		Last attempt @ Fri Sep 12 11:53:44 2014 CDT was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ Fri Sep 12 11:53:44 2014 CDT
>>>
>>> DC=ForestDnsZones,DC=mediture,DC=dom
>>> 	AWS\DC04 via RPC
>>> 		DSA object GUID: 97060bd3-0286-4417-b06d-83152aa06c4c
>>> 		Last attempt @ Fri Sep 12 11:53:44 2014 CDT was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ Fri Sep 12 11:53:44 2014 CDT
>>>
>>> DC=mediture,DC=dom
>>> 	EP\DC02 via RPC
>>> 		DSA object GUID: 9febf392-a39d-4d92-b4d3-4d818a1ce807
>>> 		Last attempt @ Fri Sep 12 11:53:46 2014 CDT was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ Fri Sep 12 11:53:46 2014 CDT
>>>
>>> DC=mediture,DC=dom
>>> 	Default\DC03 via RPC
>>> 		DSA object GUID: 248a73b1-ffa5-46dd-bc4d-c468bf6bfead
>>> 		Last attempt @ Fri Sep 12 11:53:46 2014 CDT was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ Fri Sep 12 11:53:46 2014 CDT
>>>
>>> DC=mediture,DC=dom
>>> 	AWS\DC04 via RPC
>>> 		DSA object GUID: 97060bd3-0286-4417-b06d-83152aa06c4c
>>> 		Last attempt @ Fri Sep 12 11:53:47 2014 CDT was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ Fri Sep 12 11:53:47 2014 CDT
>>>
>>> CN=Schema,CN=Configuration,DC=mediture,DC=dom
>>> 	EP\DC02 via RPC
>>> 		DSA object GUID: 9febf392-a39d-4d92-b4d3-4d818a1ce807
>>> 		Last attempt @ Fri Sep 12 11:53:47 2014 CDT was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ Fri Sep 12 11:53:47 2014 CDT
>>>
>>> CN=Schema,CN=Configuration,DC=mediture,DC=dom
>>> 	Default\DC03 via RPC
>>> 		DSA object GUID: 248a73b1-ffa5-46dd-bc4d-c468bf6bfead
>>> 		Last attempt @ Fri Sep 12 11:53:47 2014 CDT was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ Fri Sep 12 11:53:47 2014 CDT
>>>
>>> CN=Schema,CN=Configuration,DC=mediture,DC=dom
>>> 	AWS\DC04 via RPC
>>> 		DSA object GUID: 97060bd3-0286-4417-b06d-83152aa06c4c
>>> 		Last attempt @ Fri Sep 12 11:53:48 2014 CDT was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ Fri Sep 12 11:53:48 2014 CDT
>>>
>>> CN=Configuration,DC=mediture,DC=dom
>>> 	EP\DC02 via RPC
>>> 		DSA object GUID: 9febf392-a39d-4d92-b4d3-4d818a1ce807
>>> 		Last attempt @ Fri Sep 12 11:53:48 2014 CDT was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ Fri Sep 12 11:53:48 2014 CDT
>>>
>>> CN=Configuration,DC=mediture,DC=dom
>>> 	Default\DC03 via RPC
>>> 		DSA object GUID: 248a73b1-ffa5-46dd-bc4d-c468bf6bfead
>>> 		Last attempt @ Fri Sep 12 11:53:48 2014 CDT was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ Fri Sep 12 11:53:48 2014 CDT
>>>
>>> CN=Configuration,DC=mediture,DC=dom
>>> 	AWS\DC04 via RPC
>>> 		DSA object GUID: 97060bd3-0286-4417-b06d-83152aa06c4c
>>> 		Last attempt @ Fri Sep 12 11:53:49 2014 CDT was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ Fri Sep 12 11:53:49 2014 CDT
>>>
>>> ==== OUTBOUND NEIGHBORS ====
>>>
>>> DC=DomainDnsZones,DC=mediture,DC=dom
>>> 	EP\DC02 via RPC
>>> 		DSA object GUID: 9febf392-a39d-4d92-b4d3-4d818a1ce807
>>> 		Last attempt @ NTTIME(0) was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ NTTIME(0)
>>>
>>> DC=DomainDnsZones,DC=mediture,DC=dom
>>> 	Default\DC03 via RPC
>>> 		DSA object GUID: 248a73b1-ffa5-46dd-bc4d-c468bf6bfead
>>> 		Last attempt @ NTTIME(0) was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ NTTIME(0)
>>>
>>> DC=DomainDnsZones,DC=mediture,DC=dom
>>> 	AWS\DC04 via RPC
>>> 		DSA object GUID: 97060bd3-0286-4417-b06d-83152aa06c4c
>>> 		Last attempt @ NTTIME(0) was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ NTTIME(0)
>>>
>>> DC=ForestDnsZones,DC=mediture,DC=dom
>>> 	EP\DC02 via RPC
>>> 		DSA object GUID: 9febf392-a39d-4d92-b4d3-4d818a1ce807
>>> 		Last attempt @ NTTIME(0) was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ NTTIME(0)
>>>
>>> DC=ForestDnsZones,DC=mediture,DC=dom
>>> 	Default\DC03 via RPC
>>> 		DSA object GUID: 248a73b1-ffa5-46dd-bc4d-c468bf6bfead
>>> 		Last attempt @ NTTIME(0) was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ NTTIME(0)
>>>
>>> DC=ForestDnsZones,DC=mediture,DC=dom
>>> 	AWS\DC04 via RPC
>>> 		DSA object GUID: 97060bd3-0286-4417-b06d-83152aa06c4c
>>> 		Last attempt @ NTTIME(0) was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ NTTIME(0)
>>>
>>> DC=mediture,DC=dom
>>> 	EP\DC02 via RPC
>>> 		DSA object GUID: 9febf392-a39d-4d92-b4d3-4d818a1ce807
>>> 		Last attempt @ NTTIME(0) was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ NTTIME(0)
>>>
>>> DC=mediture,DC=dom
>>> 	Default\DC03 via RPC
>>> 		DSA object GUID: 248a73b1-ffa5-46dd-bc4d-c468bf6bfead
>>> 		Last attempt @ NTTIME(0) was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ NTTIME(0)
>>>
>>> DC=mediture,DC=dom
>>> 	AWS\DC04 via RPC
>>> 		DSA object GUID: 97060bd3-0286-4417-b06d-83152aa06c4c
>>> 		Last attempt @ NTTIME(0) was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ NTTIME(0)
>>>
>>> CN=Schema,CN=Configuration,DC=mediture,DC=dom
>>> 	EP\DC02 via RPC
>>> 		DSA object GUID: 9febf392-a39d-4d92-b4d3-4d818a1ce807
>>> 		Last attempt @ NTTIME(0) was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ NTTIME(0)
>>>
>>> CN=Schema,CN=Configuration,DC=mediture,DC=dom
>>> 	Default\DC03 via RPC
>>> 		DSA object GUID: 248a73b1-ffa5-46dd-bc4d-c468bf6bfead
>>> 		Last attempt @ NTTIME(0) was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ NTTIME(0)
>>>
>>> CN=Schema,CN=Configuration,DC=mediture,DC=dom
>>> 	AWS\DC04 via RPC
>>> 		DSA object GUID: 97060bd3-0286-4417-b06d-83152aa06c4c
>>> 		Last attempt @ NTTIME(0) was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ NTTIME(0)
>>>
>>> CN=Configuration,DC=mediture,DC=dom
>>> 	EP\DC02 via RPC
>>> 		DSA object GUID: 9febf392-a39d-4d92-b4d3-4d818a1ce807
>>> 		Last attempt @ NTTIME(0) was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ NTTIME(0)
>>>
>>> CN=Configuration,DC=mediture,DC=dom
>>> 	Default\DC03 via RPC
>>> 		DSA object GUID: 248a73b1-ffa5-46dd-bc4d-c468bf6bfead
>>> 		Last attempt @ NTTIME(0) was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ NTTIME(0)
>>>
>>> CN=Configuration,DC=mediture,DC=dom
>>> 	AWS\DC04 via RPC
>>> 		DSA object GUID: 97060bd3-0286-4417-b06d-83152aa06c4c
>>> 		Last attempt @ NTTIME(0) was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ NTTIME(0)
>>>
>>> ==== KCC CONNECTION OBJECTS ====
>>>
>>> Connection --
>>> 	Connection name: 6eba921b-0b6c-4cdb-8094-d4a15728d7bd
>>> 	Enabled        : TRUE
>>> 	Server DNS name : DC02.mediture.dom
>>> 	Server DN name  : CN=NTDS Settings,CN=DC02,CN=Servers,CN=EP,CN=Sites,CN=Configuration,DC=mediture,DC=dom
>>> 		TransportType: RPC
>>> 		options: 0x00000001
>>> Warning: No NC replicated for Connection!
>>> Connection --
>>> 	Connection name: 9b7312d1-a46a-435f-b867-0ca8128da202
>>> 	Enabled        : TRUE
>>> 	Server DNS name : DC03.mediture.dom
>>> 	Server DN name  : CN=NTDS Settings,CN=DC03,CN=Servers,CN=Default,CN=Sites,CN=Configuration,DC=mediture,DC=dom
>>> 		TransportType: RPC
>>> 		options: 0x00000001
>>> Warning: No NC replicated for Connection!
>>> Connection --
>>> 	Connection name: d84eed77-ab18-40ce-9023-60586596fb51
>>> 	Enabled        : TRUE
>>> 	Server DNS name : DC04.mediture.dom
>>> 	Server DN name  : CN=NTDS Settings,CN=DC04,CN=Servers,CN=AWS,CN=Sites,CN=Configuration,DC=mediture,DC=dom
>>> 		TransportType: RPC
>>> 		options: 0x00000001
>>> Warning: No NC replicated for Connection!
>>> I also have a possibly releated issue deleting LDAP objects. I can't 
>>> delete an object I just created and the ACL seems correct for the 
>>> LDAP object.
>>> ldbdel -Hldap://localhost  --realm=mediture.dom -UAdministrator OU=test,OU=Mediture_Workstations,OU=Mediture,DC=mediture,DC=dom
>>> Password for [MEDITURE\Administrator]:
>>> delete of 'OU=test,OU=Mediture_Workstations,OU=Mediture,DC=mediture,DC=dom' failed - (insufficient access rights) LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS -  <>
>>> I am totally stumped.  Any help would be greatly apperciated!
>>> -- 
>>> Arthur Ramsey
>>> Systems Administrator
>>> Mediture
>>> arthur_ramsey at mediture.com
>>> 952.400.0323
>>>
>>> This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer atprivacyofficer at mediture.com.
>>
>> -- 
>> Arthur Ramsey
>> Systems Administrator
>> Mediture
>> arthur_ramsey at mediture.com
>> 952.400.0323
>>
>> This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer atprivacyofficer at mediture.com.
>
> -- 
> Arthur Ramsey
> Systems Administrator
> Mediture
> arthur_ramsey at mediture.com
> 952.400.0323
>
> This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer atprivacyofficer at mediture.com.

-- 
Arthur Ramsey
Systems Administrator
Mediture
arthur_ramsey at mediture.com
952.400.0323

This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer atprivacyofficer at mediture.com.



More information about the samba mailing list