[Samba] gpo not applied a boot computer
David Jehin
bedou210977 at gmail.com
Wed Feb 27 10:38:05 UTC 2019
thank you for your reply. I did these policies well, but no improvement. I
think of a problem with kerberos, when the client computer starts. with an
active directory normally "samba-tool domain provision", I have no problem,
it is a problem with the migration pdc samba3 to samba4 AD that have to
pose difficulties.
thank you
Le mer. 27 févr. 2019 à 10:48, L.P.H. van Belle via samba <
samba at lists.samba.org> a écrit :
> Hai,
>
>
> Did you set in the GPO (computer policy)
>
> Under System\Logon, "Always wait for the network at computer startup and
> logon" = Enabled"
>
> If its a script, also add these.
>
> "Configure Network Options preference extension policy processing" is
> "Enabled"
> "Configure Logon Script Delay" = Enabled and set to 0
>
> And, after setting the GPO, reboot 2 x ! or login as Domain\Administrator
> and run gupdate /force
> Then reboot. (1x)
>
>
> Greetz,
>
> Louis
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > David Jehin via samba
> > Verzonden: woensdag 27 februari 2019 10:41
> > Aan: Sérgio Basto
> > CC: samba at lists.samba.org
> > Onderwerp: Re: [Samba] gpo not applied a boot computer
> >
> > thank you for your reply. bind rights are correct.
> > >
> > > but the problem does not come from the dns, they are well updated.
> > >
> > > gpo are not applied only to the startup of the computer.
> > After a user logs
> > >> in, the gpupdate / force command is applied correctly.
> > >
> > > the samba server side logs are:
> > >
> > >
> >
> > > [2019/02/26 12:20:06.751340, 2]
> > ../source3/smbd/service.c:1120(close_cnum)
> > >>
> > >> S server Update(krb5)(1) Update failed: Miscellaneous failure (see
> > >>> text): Decrypt integrity check failed
> > >>
> > >> [2019/02/25 10:21:11.914286, 1]
> > >>>
> > ../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step)
> > >>
> > >> gensec_spnego_server_negTokenInit_step: gssapi_krb5: parsing
> > >>> NEG_TOKEN_INIT content failed (next[(null)]):
> > NT_STATUS_LOGON_FAILURE
> > >>
> > >>
> >
> > > the logs on windows 10 are: error id : 1130 and 1058
> > >
> > >
> > thank
> >
> > >
> > >
> > > In my notes if you use --dns-backend=BIND9_DLZ
> > >
> > > # To start named (bind)
> > > chgrp named /var/lib/samba/private
> > > chmod g+rx /var/lib/samba/private
> > >
> > > Samba 4.8
> > > ls -lai /var/lib/samba/bind-dns/dns/sam.ldb.d/
> > > (everything 660 e root:named)
> > >
> > > ll /var/lib/samba/bind-dns/dns/
> > > -rw-rw---- 1 root named 3014656 Nov 15 16:36 sam.ldb
> > > drwxrwx--- 2 root named 281 Nov 15 16:36 sam.ldb.d
> > >
> > > chmod g+w /var/lib/samba/bind-dns
> > > chgrp named /var/lib/samba/private/dns.keytab
> > > chmod g+r /var/lib/samba/private/dns.keytab
> > >
> > >
> > >
> > > --
> > > Sérgio M. B.
> > >
> > >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list