[Samba] using Linux GPO

David Mulder dmulder at samba.org
Wed Nov 24 16:48:37 UTC 2021


On 11/24/21 9:44 AM, Stefan Kania via samba wrote:
> 
> 
> On 24.11.21 at 16:56, David Mulder via samba wrote:
>> On 11/24/21 8:47 AM, Stefan Kania via samba wrote:
>>> Hello,
>>>
>>> I'm setting up Linux-GPOs starting with motd. Testing with "samba-tool
>>> gpo list fs01" (fs01 is my linux-host). I see:
>>> ------------
>>> root@addc01:/home/stka# samba-tool gpo list fs01
>>> GPOs for user fs01
>>>       Linux-motd {A11688A4-97D2-4471-9EBC-C0A40F169339}
>>>       Default Domain Policy {31B2F340-016D-11D2-945F-00C04FB984F9}
>>> ------------
>>>
>>> I reset the permissions with "samba-tool ntacl sysvolreset"; everything
>>> is fine.
>>>
>>> I added the line "apply group policies = yes" to the smb.conf.
>>>
>>> Restarted winbind (I also tried a reboot)
>>>
>>> When I do a "samba-gpupdate --force" or "samba-gpupdate --rsop" I'm
>>> always getting the following error-message:
>>> -----------
>>> root@fs01:/home/stka# samba-gpupdate --force
>>> Traceback (most recent call last):
>>>     File "/usr/sbin/samba-gpupdate", line 119, in <module>
>>>       apply_gp(lp, creds, logger, store, gp_extensions, opts.force)
>>>     File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 437, in
>>> apply_gp
>>>       dc_hostname = get_dc_hostname(creds, lp)
>>>     File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 358, in
>>> get_dc_hostname
>>>       cldap_ret = net.finddc(domain=lp.get('realm'),
>>> flags=(nbt.NBT_SERVER_LDAP |
>>> samba.NTSTATUSError: (3221225524, 'The object name is not found.')
>>>
>>> root@fs01:/home/stka# samba-gpupdate --rsop
>>> Traceback (most recent call last):
>>>     File "/usr/sbin/samba-gpupdate", line 117, in <module>
>>>       rsop(lp, creds, logger, store, gp_extensions, opts.target)
>>>     File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 511,
>>> in rsop
>>>       dc_hostname = get_dc_hostname(creds, lp)
>>>     File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 358, in
>>> get_dc_hostname
>>>       cldap_ret = net.finddc(domain=lp.get('realm'),
>>> flags=(nbt.NBT_SERVER_LDAP |
>>> samba.NTSTATUSError: (3221225524, 'The object name is not found.')
>>> -----------
>>>
>>> What did I miss?
>>>
>>
>> It's failing on a cldap ping searching for a DC in your domain. Is your
>> domain name resolvable?
> Yes it is:
> ----------------
> root@fs01:/home/stka# ping example.net
> PING example.net (192.168.56.102) 56(84) bytes of data.
> 64 bytes from addc02.example.net (192.168.56.102): icmp_seq=1 ttl=64
> time=0.901 ms
> 64 bytes from addc02.example.net (192.168.56.102): icmp_seq=2 ttl=64
> time=0.944 ms
> 
> ----------------
> I can also resolve the SRV records and ping all DCs with FQDN and hostname.
> fs01 is a member of the domain and shares folders to Windows clients.
> So it's my fileserver. I'm using the registry instead of smb.conf, but up
> to now there was no problem with the motd file.
> 
> I run Ubuntu 20.04 with Louis' packages 4.15.2
>>

AH. IIRC, the samba python loadparam bindings *do not* support registry 
smb.conf. To test this, try this python3 code:

#!/usr/bin/python3
from samba.param import LoadParm
# Create a loadparm context and read the default smb.conf
lp = LoadParm()
lp.load_default()
print(lp.get('realm'))

It will be unable to fetch your realm.

-- 
*David Mulder*
Labs Software Engineer, Samba
SUSE
1221 Valley Grove Way
Pleasant Grove, UT 84062
(P)+1 385.666.5660
dmulder at suse.com
  <http://www.suse.com/>
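
A file-only check for the situation described in this reply, as an added example that is not part of the original message or of Samba's code: it parses smb.conf text without the samba bindings and reports whether [global] hands configuration to the registry (`config backend = registry` or `include = registry`) while no realm is set in the file itself. The function names and the two sample configurations are constructed for illustration.

```python
import re

def parse_global(text):
    """Return [global] parameters of smb.conf text as {normalised name: [values]}."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # parameter names ignore case and embedded whitespace
            name = re.sub(r"\s+", "", key).lower()
            params.setdefault(name, []).append(value.strip())
    return params

def diagnose(text):
    g = parse_global(text)
    backend = g.get("configbackend", ["file"])[-1].lower()
    includes = [v.lower() for v in g.get("include", [])]
    realm = g.get("realm", [None])[-1]
    uses_registry = backend == "registry" or "registry" in includes
    return {
        "uses_registry": uses_registry,
        "realm_in_file": realm,
        # Case from the reply above: settings live in the registry, so a
        # reader that only sees the file has no realm to look up a DC for.
        "realm_hidden_from_file_reader": uses_registry and not realm,
    }

# Constructed samples, not taken from the thread.
REGISTRY_ONLY = "[global]\n    Config Backend = registry\n"
FILE_BASED = "[global]\n    realm = EXAMPLE.NET\n    apply group policies = yes\n"

if __name__ == "__main__":
    for label, text in (("registry", REGISTRY_ONLY), ("file", FILE_BASED)):
        print(label, diagnose(text))
```

To check a real host, pass the contents of its smb.conf to `diagnose()`; the path of that file depends on how the packages were built.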



