[Samba] group policy update fails
John Farmer
jfarmer at industrialinfo.com
Thu Nov 17 22:01:28 UTC 2016
We can log in just fine, but Group Policy Update is throwing an error:
gpupdate
Updating Policy...
User policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows could not determine if the user and computer accounts are in the same forest. Ensure the user domain name matches the name of a trusted domain that resides in the same forest as the computer account.
Computer Policy update has completed successfully.
Windows Event Viewer Log shows:
EventID 1110
ErrorCode 1311
ErrorDescription There are currently no logon servers available to service the logon request.
I've tried "samba-tool ntacl sysvolreset"
gpresult /r
INFO: The user does not have RSOP data.
ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : guymcfearsome
Primary Dns Suffix . . . . . . . : ad.poopybutthole.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : poopybutthole.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Qualcomm Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 94-DE-80-2F-D5-A2
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f94d:55d6:8406:f24%11(Preferred)
IPv4 Address. . . . . . . . . . . : 10.243.0.47(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 10.243.0.4
DHCPv6 IAID . . . . . . . . . . . : 244637312
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-30-AE-C5-94-DE-80-2F-D5-A2
DNS Servers . . . . . . . . . . . : 10.243.0.90
10.243.0.91
Primary WINS Server . . . . . . . : 10.243.0.103
NetBIOS over Tcpip. . . . . . . . : Enabled
cat /etc/resolve.conf
search ad.poopybutthole.com poopybutthole.com
nameserver 10.243.0.91
nameserver 10.243.0.90
I can telnet to port 53 on the DNS server, and I can also get to ports 389 and 636 on the DC.
[root@dc1 samba]# cat /etc/samba/smb.conf
# Global parameters
[global]
workgroup = AD
realm = AD.poopybutthole.COM
netbios name = DC1
interfaces = 10.243.0.90/16
bind interfaces only = Yes
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
time server = yes
server services = -dns
[netlogon]
path = /var/lib/samba/sysvol/ad.poopybutthole.com/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
I can also get to the sysvol shares and netlogon shares just fine.
[root@dc1 samba]# cat /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
# default_realm = EXAMPLE.COM
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
# EXAMPLE.COM = {
# kdc = kerberos.example.com
# admin_server = kerberos.example.com
# }
[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM