[Samba] group policy update fails
L.P.H. van Belle
belle at bazuin.nl
Fri Nov 18 08:04:57 UTC 2016
This looks all good.
Can you check you database replication with my script.
http://downloads.van-belle.nl/samba4/samba-check-db-repl.sh
It does some basic checked to detect the AD DC's.
And it compaires the ad db database in 2 ways.
And can you try it again but unselect the IPV6 in the computer its network settings.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens John Farmer via
> samba
> Verzonden: donderdag 17 november 2016 23:01
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] group policy update fails
>
> We can login just fine but Group Policy Update is throwing an error
>
> gpupdate
> Updating Policy...
>
> User policy could not be updated successfully. The following errors
> were encount
> ered:
>
> The processing of Group Policy failed. Windows could not determine if
> the user a
> nd computer accounts are in the same forest. Ensure the user domain
> name matches
> the name of a trusted domain that resides in the same forest as the
> computer ac
> count.
> Computer Policy update has completed successfully.
>
> Windows Event Viewer Log shows:
>
> EventID 1110
> ErrorCode 1311
> ErrorDescription There are currently no logon servers available to
> service the logon request.
>
>
> Ive tried "samba-tool ntacl sysvolreset"
>
>
>
> gpresult /r
> INFO: The user does not have RSOP data.
>
>
>
>
> ipconfig /all
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : guymcfearsome
> Primary Dns Suffix . . . . . . . : ad.poopybutthole.com
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : poopybutthole.com
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Qualcomm Atheros AR8161/8165
> PCI-E Gigabi
> t Ethernet Controller (NDIS 6.20)
> Physical Address. . . . . . . . . : 94-DE-80-2F-D5-A2
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
> Link-local IPv6 Address . . . . . :
> fe80::f94d:55d6:8406:f24%11(Preferred)
> IPv4 Address. . . . . . . . . . . : 10.243.0.47(Preferred)
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> Default Gateway . . . . . . . . . : 10.243.0.4
> DHCPv6 IAID . . . . . . . . . . . : 244637312
> DHCPv6 Client DUID. . . . . . . . :
> 00-01-00-01-19-30-AE-C5-94-DE-80-2F-D5-A2
>
> DNS Servers . . . . . . . . . . . : 10.243.0.90
> 10.243.0.91
> Primary WINS Server . . . . . . . : 10.243.0.103
> NetBIOS over Tcpip. . . . . . . . : Enabled
>
>
>
> cat /etc/resolve.conf
>
> search ad.poopybutthole.com poopybutthole.com
> nameserver 10.243.0.91
> nameserver 10.243.0.90
>
>
> Can telnet to 53 on dns server also can get to port 389 and 636 on the DC
>
>
>
> [root at dc1 samba]# cat /etc/samba/smb.conf
> # Global parameters
> [global]
> workgroup = AD
> realm = AD.poopybutthole.COM
> netbios name = DC1
> interfaces = 10.243.0.90/16
> bind interfaces only = Yes
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
> time server = yes
> server services = -dns
> [netlogon]
> path = /var/lib/samba/sysvol/ad.poopybutthole.com/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
>
>
> I can also get to the sysvol shares and netlogon shares just fine.
>
> [root at dc1 samba]# cat /etc/krb5.conf
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> dns_lookup_realm = false
> ticket_lifetime = 24h
> renew_lifetime = 7d
> forwardable = true
> rdns = false
> # default_realm = EXAMPLE.COM
> default_ccache_name = KEYRING:persistent:%{uid}
>
> [realms]
> # EXAMPLE.COM = {
> # kdc = kerberos.example.com
> # admin_server = kerberos.example.com
> # }
>
> [domain_realm]
> # .example.com = EXAMPLE.COM
> # example.com = EXAMPLE.COM
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list