[Samba] using Linux GPO

Stefan Kania stefan at kania-online.de
Wed Nov 24 16:44:09 UTC 2021 


Am 24.11.21 um 16:56 schrieb David Mulder via samba:
> On 11/24/21 8:47 AM, Stefan Kania via samba wrote:
>> Hello,
>>
>> I'm setting up Linux-GPOs starting with motd. Testing with "samba-tool
>> gpo list fs01" (fs01 is my linux-host). I see:
>> ------------
>> root at addc01:/home/stka# samba-tool gpo list fs01
>> GPOs for user fs01
>>      Linux-motd {A11688A4-97D2-4471-9EBC-C0A40F169339}
>>      Default Domain Policy {31B2F340-016D-11D2-945F-00C04FB984F9}
>> ------------
>>
>> I reseted the permissions with "samba-tool ntacl sysvolreset" everything
>> is fine.
>>
>> I added the line "apply group policies = yes" to the smb.conf.
>>
>> Restarted winbind (I also tried a reboot)
>>
>> When I do a "samba-gpupdate --force" or "samba-gpupdate --rsop" I'm
>> always getting the following error-message:
>> -----------
>> root at fs01:/home/stka# samba-gpupdate --force
>> Traceback (most recent call last):
>>    File "/usr/sbin/samba-gpupdate", line 119, in <module>
>>      apply_gp(lp, creds, logger, store, gp_extensions, opts.force)
>>    File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 437, in
>> apply_gp
>>      dc_hostname = get_dc_hostname(creds, lp)
>>    File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 358, in
>> get_dc_hostname
>>      cldap_ret = net.finddc(domain=lp.get('realm'),
>> flags=(nbt.NBT_SERVER_LDAP |
>> samba.NTSTATUSError: (3221225524, 'The object name is not found.')
>>
>> root at fs01:/home/stka# samba-gpupdate --rsop
>> Traceback (most recent call last):
>>    File "/usr/sbin/samba-gpupdate", line 117, in <module>
>>      rsop(lp, creds, logger, store, gp_extensions, opts.target)
>>    File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 511,
>> in rsop
>>      dc_hostname = get_dc_hostname(creds, lp)
>>    File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 358, in
>> get_dc_hostname
>>      cldap_ret = net.finddc(domain=lp.get('realm'),
>> flags=(nbt.NBT_SERVER_LDAP |
>> samba.NTSTATUSError: (3221225524, 'The object name is not found.')
>> -----------
>>
>> What did I miss?
>>
> 
> It's failing on a cldap ping searching for a DC in your domain. Is your
> domain name resolvable?
Yes it is:
----------------
root at fs01:/home/stka# ping example.net
PING example.net (192.168.56.102) 56(84) bytes of data.
64 bytes from addc02.example.net (192.168.56.102): icmp_seq=1 ttl=64
time=0.901 ms
64 bytes from addc02.example.net (192.168.56.102): icmp_seq=2 ttl=64
time=0.944 ms

----------------
I can also resolve the srv-records and ping all DCs with fqdn and hostname
The fs01 is member of the domain and sharing folders to Windows-clients.
So its my fileserver. I'm using the registry instead of smb.conf but up
to now there was no problem with the motd file.

I run ubuntu 20.04 with Louis packages 4.15.2
> 

-- 
Stefan Kania
Landweg 13
25693 St. Michaelisdonn


Signieren jeder E-Mail hilft Spam zu reduzieren und schützt Ihre
Privatsphäre. Ein kostenfreies Zertifikat erhalten Sie unter
https://www.dgn.de/dgncert/index.html

More information about the samba mailing list