[Samba] Group Policies are not applied

Pisch Tamás pischta at gmail.com
Tue Apr 13 13:14:07 UTC 2021


> > > CMD : ipconfig /all
> > > Check dns-suffix and primary domain suffix..
> > ad.ourdomain.hu: that's ok.
> >
> > > What is windows event ID telling?
> > 1053 and 1055. Windows cannot resolve user/computer name.
> > > And, did you test with the firewall off.. if not, at least try it.
> > Unfortunately not. It lets in the VPN traffic, and it has several other
> > important rules. As I see, traffic between dc2 and the client Win10 is
> > not filtered. dc2 runs on a Windows 2008 hypervisor. I'm going to move
> > it to VMware in 1-2 days, because I've read an article saying that
> > Windows 2008 has a network problem that could cause a similar problem
> > (yes, Windows 2008 is too old, but I inherited that environment).
>
> Ah, 1053 and 1055 .. well
>
> If it's a RoadWarrior setup, you can try this
>
> Add-VpnConnection -Name "VpnConnectionNAME" -ServerAddress "vpn.domain.tld" -TunnelType "IKEv2" -AuthenticationMethod EAP -SplitTunneling -DnsSuffix "ad.ourdomain.hu" -AllUserConnection
> Add-VpnConnectionRoute -ConnectionName "VpnConnectionNAME" -DestinationPrefix "IP_RANGE_LAN_BEHIND_VPN" -PassThru -AllUserConnection
> Add-VpnConnectionRoute "VpnConnectionNAME" ::/1 -AllUserConnection
> Add-VpnConnectionRoute "VpnConnectionNAME" 8000::/1 -AllUserConnection

Thanks. I made a vpn connection according to this, but no progress.
With my previous vpn connection, I can ping dc2 and dc1, but with your
version, I can ping only dc2.
Windows10---(vpn)---dc2---(vpn)---dc1
In the present network there is a Windows AD. I want to replace it
because it has .local ending. So the problem is that dhcp gave old
DNS servers to the clients. I set up fixed DNS server settings in the
connections (wifi, vpn) before this. Isn't it enough for the name
resolution? ping dc1,dc2 worked.
It was strange to me that in the PPP configuration (ipconfig result) I
can see dhcp enabled: no, but I get the wrong DNS servers, so this is
why I set up fixed DNS server settings before. But it didn't solve the
problem.
I get wins server addresses from dhcp, so I disabled Netbios over tcp
(I didn't set up wins on the new dcs).

> http://woshub.com/dns-resolution-via-vpn-not-working-windows/

In split tunneling mode I can ping domains on the Internet, and I can
ping dc2 by name too. As I understood, this page describes how to
eliminate the problem that I cannot ping dc2 by name, just, for example,
google.com.

> If it's a LAN2LAN, most should work, I have that here.
> my remote PCs just login at main office,
> you can try and set the DNS and dns domain in the ip settings
> If the VPN tunnel isn't restricted that should work.

I think you are describing what I did before: fixed dns server settings, so it
didn't solve the problem. On the VPN server, there are no filter
settings.

> But there is more going on in the Windows 10 setups, that's first, to make sure it's all ok.

Any ideas are welcome.
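
As an added example (not part of the original message or of Samba's own tooling): a PowerShell check, run on the Windows 10 client with the VPN up, that asks every DNS server configured on every connected interface for the domain's DC locator SRV record, then shows which DC the client locates and the recent 1053/1055 events. The domain name is the suffix quoted in the thread; that those events are written to the System log is an assumption.

```powershell
# Added example, not from the thread. $Domain is the DNS suffix quoted in the
# message; interfaces, DNS servers and events are read from the local client.
$Domain  = 'ad.ourdomain.hu'
$SrvName = "_ldap._tcp.dc._msdcs.$Domain"   # DC locator SRV record

# 1. Query each DNS server configured on a connected interface directly, so a
#    stale server handed out by DHCP/PPP shows up next to the fixed ones.
$report = foreach ($if in Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected) {
    $servers = (Get-DnsClientServerAddress -InterfaceIndex $if.ifIndex `
                    -AddressFamily IPv4).ServerAddresses
    foreach ($server in $servers) {
        $srv = Resolve-DnsName -Name $SrvName -Type SRV -Server $server `
                   -DnsOnly -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'SRV' }
        $found = if ($srv) { ($srv.NameTarget | Sort-Object -Unique) -join ', ' } else { 'NO SRV ANSWER' }
        [pscustomobject]@{
            Interface = $if.InterfaceAlias
            Metric    = $if.InterfaceMetric
            Suffix    = (Get-DnsClient -InterfaceIndex $if.ifIndex).ConnectionSpecificSuffix
            DnsServer = $server
            DCsFound  = $found
        }
    }
}
# Lowest metric first: that interface's DNS servers are preferred by the resolver.
$report | Sort-Object Metric | Format-Table -AutoSize

# 2. The same lookup through the normal resolver path (no -Server), which is
#    what Group Policy processing depends on.
Resolve-DnsName -Name $SrvName -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object NameTarget, Port

# 3. Which DC the client actually locates for the domain.
nltest /dsgetdc:$Domain /force

# 4. Latest Group Policy name-resolution errors (IDs from the thread; the
#    System log as their location is an assumption).
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1053, 1055 } `
    -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List
```

A row reading NO SRV ANSWER on the lowest-metric interface means the preferred DNS server does not know the new domain, even if pinging dc1 and dc2 by name works.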
