[Samba] group policy update fails
Rowland Penny
rpenny at samba.org
Fri Nov 18 18:48:34 UTC 2016
On Fri, 18 Nov 2016 21:29:25 +0400
Mike Lykov via samba <samba at lists.samba.org> wrote:
> 18.11.2016 16:45, L.P.H. van Belle via samba пишет:
>
> > Ok just to verify.
> >
> > DC name=
> > ad41.dc.samges.ru
> >
> > dnsdomain= dc.samges.ru
>
> yes
>
> > Kerberos domain ??
>
> /etc/krb5.conf
> [libdefaults]
> default_realm = DC.SAMGES.RU
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> > Im guessing you kerberos to dnsdomain mapping is wrong.
> > Can you post the
> > /etc/hosts
> > /etc/resolv.conf
> > /etc/krb5.conf
>
> and see thread "DC server own hostname must be part of ad dc domain?"
> here from me.
>
> In your script you use dns query like
> SETDNSDOMAIN=`hostname -d`
> ... $(host -t SRV _kerberos._udp.${SETDNSDOMAIN}
> but in my case it's not work, because
> SETDNSDOMAIN=samges.ru instead of dc.samges.ru
> (I patch it with setting SETDNSDOMAIN=dc.samges.ru by hand)
If 'hostname -d' is returning 'samges.ru' then everything else will
have to be 'samges.ru'
I think you need to check in AD, just what is the rootdse ?
Is it 'DC=samges,DC=ru' or 'DC=dc,DC=samges,DC=ru' ?
If it is the later, then you need to make 'hostname -d' return
'dc.samges.ru'
Rowland
More information about the samba
mailing list