[Samba] using Linux GPO
David Mulder
dmulder at samba.org
Wed Nov 24 16:48:37 UTC 2021
On 11/24/21 9:44 AM, Stefan Kania via samba wrote:
>
>
> On 24.11.21 at 16:56, David Mulder via samba wrote:
>> On 11/24/21 8:47 AM, Stefan Kania via samba wrote:
>>> Hello,
>>>
>>> I'm setting up Linux-GPOs starting with motd. Testing with "samba-tool
>>> gpo list fs01" (fs01 is my linux-host). I see:
>>> ------------
>>> root at addc01:/home/stka# samba-tool gpo list fs01
>>> GPOs for user fs01
>>> Linux-motd {A11688A4-97D2-4471-9EBC-C0A40F169339}
>>> Default Domain Policy {31B2F340-016D-11D2-945F-00C04FB984F9}
>>> ------------
>>>
>>> I reset the permissions with "samba-tool ntacl sysvolreset"; everything
>>> is fine.
>>>
>>> I added the line "apply group policies = yes" to the smb.conf.
>>>
>>> Restarted winbind (I also tried a reboot)
>>>
>>> When I do a "samba-gpupdate --force" or "samba-gpupdate --rsop" I'm
>>> always getting the following error-message:
>>> -----------
>>> root at fs01:/home/stka# samba-gpupdate --force
>>> Traceback (most recent call last):
>>> File "/usr/sbin/samba-gpupdate", line 119, in <module>
>>> apply_gp(lp, creds, logger, store, gp_extensions, opts.force)
>>> File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 437, in
>>> apply_gp
>>> dc_hostname = get_dc_hostname(creds, lp)
>>> File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 358, in
>>> get_dc_hostname
>>> cldap_ret = net.finddc(domain=lp.get('realm'),
>>> flags=(nbt.NBT_SERVER_LDAP |
>>> samba.NTSTATUSError: (3221225524, 'The object name is not found.')
>>>
>>> root at fs01:/home/stka# samba-gpupdate --rsop
>>> Traceback (most recent call last):
>>> File "/usr/sbin/samba-gpupdate", line 117, in <module>
>>> rsop(lp, creds, logger, store, gp_extensions, opts.target)
>>> File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 511,
>>> in rsop
>>> dc_hostname = get_dc_hostname(creds, lp)
>>> File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 358, in
>>> get_dc_hostname
>>> cldap_ret = net.finddc(domain=lp.get('realm'),
>>> flags=(nbt.NBT_SERVER_LDAP |
>>> samba.NTSTATUSError: (3221225524, 'The object name is not found.')
>>> -----------
>>>
>>> What did I miss?
>>>
>>
>> It's failing on a cldap ping searching for a DC in your domain. Is your
>> domain name resolvable?
> Yes it is:
> ----------------
> root at fs01:/home/stka# ping example.net
> PING example.net (192.168.56.102) 56(84) bytes of data.
> 64 bytes from addc02.example.net (192.168.56.102): icmp_seq=1 ttl=64
> time=0.901 ms
> 64 bytes from addc02.example.net (192.168.56.102): icmp_seq=2 ttl=64
> time=0.944 ms
>
> ----------------
> I can also resolve the srv-records and ping all DCs with fqdn and hostname.
> The fs01 is a member of the domain and sharing folders to Windows-clients.
> So it's my fileserver. I'm using the registry instead of smb.conf but up
> to now there was no problem with the motd file.
>
> I run Ubuntu 20.04 with Louis' packages 4.15.2
>>
AH. IIRC, the samba python loadparam bindings *do not* support registry
smb.conf. To test this, try this python3 code:
#!/usr/bin/python3
from samba.param import LoadParm
lp = LoadParm()
lp.load_default()  # load the default smb.conf
print(lp.get('realm'))
It will be unable to fetch your realm.
--
*David Mulder*
Labs Software Engineer, Samba
SUSE
1221 Valley Grove Way
Pleasant Grove, UT 84062
(P)+1 385.666.5660
dmulder at suse.com
<http://www.suse.com/>
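
A file-only check for the situation discussed above, as an added example that is not part of the original post or of Samba's code: it parses smb.conf text without the samba bindings and reports whether a reader limited to the file can see `realm`, or whether the file only points at the registry. The function names and both sample configurations are constructed for illustration.

```python
import re

# Constructed samples (not from the thread): registry-backed vs. file-backed.
SAMPLE_REGISTRY = "# fs01-style member\n[global]\n    Config Backend = registry\n"
SAMPLE_FILE = "[global]\n    realm = EXAMPLE.NET\n    apply group policies = yes\n"


def parse_global(text):
    """Return the [global] parameters of smb.conf text as a dict.

    Names are normalised as smb.conf(5) describes: case-insensitive,
    with whitespace inside the name ignored.
    """
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # continued on the next line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)   # only the first '=' counts
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params


def realm_visibility(text):
    """Classify what a file-only reader can learn about the realm."""
    g = parse_global(text)
    if g.get("realm"):
        return ("ok", g["realm"])
    if g.get("configbackend", "file").lower() == "registry":
        return ("registry", None)          # settings live in the registry
    if g.get("include", "").lower() == "registry":
        return ("registry", None)
    return ("missing", None)


if __name__ == "__main__":
    for label, text in (("registry", SAMPLE_REGISTRY), ("file", SAMPLE_FILE)):
        print(label, realm_visibility(text))
```

A result of "registry" or "missing" means a tool that reads only the file has no realm to pass to the DC lookup.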