[Samba] using Linux GPO

David Mulder dmulder at samba.org
Wed Nov 24 15:56:49 UTC 2021 

On 11/24/21 8:47 AM, Stefan Kania via samba wrote:
> Hello,
> 
> I'm setting up Linux-GPOs starting with motd. Testing with "samba-tool
> gpo list fs01" (fs01 is my linux-host). I see:
> ------------
> root at addc01:/home/stka# samba-tool gpo list fs01
> GPOs for user fs01
>      Linux-motd {A11688A4-97D2-4471-9EBC-C0A40F169339}
>      Default Domain Policy {31B2F340-016D-11D2-945F-00C04FB984F9}
> ------------
> 
> I reseted the permissions with "samba-tool ntacl sysvolreset" everything
> is fine.
> 
> I added the line "apply group policies = yes" to the smb.conf.
> 
> Restarted winbind (I also tried a reboot)
> 
> When I do a "samba-gpupdate --force" or "samba-gpupdate --rsop" I'm
> always getting the following error-message:
> -----------
> root at fs01:/home/stka# samba-gpupdate --force
> Traceback (most recent call last):
>    File "/usr/sbin/samba-gpupdate", line 119, in <module>
>      apply_gp(lp, creds, logger, store, gp_extensions, opts.force)
>    File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 437, in
> apply_gp
>      dc_hostname = get_dc_hostname(creds, lp)
>    File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 358, in
> get_dc_hostname
>      cldap_ret = net.finddc(domain=lp.get('realm'),
> flags=(nbt.NBT_SERVER_LDAP |
> samba.NTSTATUSError: (3221225524, 'The object name is not found.')
> 
> root at fs01:/home/stka# samba-gpupdate --rsop
> Traceback (most recent call last):
>    File "/usr/sbin/samba-gpupdate", line 117, in <module>
>      rsop(lp, creds, logger, store, gp_extensions, opts.target)
>    File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 511, in rsop
>      dc_hostname = get_dc_hostname(creds, lp)
>    File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 358, in
> get_dc_hostname
>      cldap_ret = net.finddc(domain=lp.get('realm'),
> flags=(nbt.NBT_SERVER_LDAP |
> samba.NTSTATUSError: (3221225524, 'The object name is not found.')
> -----------
> 
> What did I miss?
> 

It's failing on a cldap ping searching for a DC in your domain. Is your 
domain name resolvable?

-- 
*David Mulder*
Labs Software Engineer, Samba
SUSE
1221 Valley Grove Way
Pleasant Grove, UT 84062
(P)+1 385.666.5660
dmulder at suse.com
  <http://www.suse.com/>

More information about the samba mailing list