[Samba] gpo client linux sssd does not apply

David Mulder dmulder at samba.org
Mon Apr 17 14:47:20 UTC 2023 

On 4/14/23 2:23 AM, Anderson Sampaio Mello via samba wrote:
> Hello Samba Team, how are you?
>
> I'm joining linux clients in the company's environment and I would like to
> apply GPOs to linux clients, I'm in the testing phase.
>
> I'm testing with ubuntu clients version 22.04 and the software I used to
> join the samba AD was sssd.
>
> The 22.04 ubuntu client has joined and everything is working fine except
> for the GPOs for linux clients.
>
> I compiled and installed oddjob-gpupdate and also installed oddbjob as
> recommended by the samba documentation (
> https://dmulder.github.io/group-policy-book/)
>
> I also installed samba version 4.15.3 with the command samba-gpupdate, when
> I run the command samba-gpupdate --rsop with sssd working it reports these
> errors:
>
> Traceback (most recent call last):
>     File "/usr/sbin/samba-gpupdate", line 117, in <module>
>       rsop(lp, creds, logger, store, gp_extensions, opts.target)
>     File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 511, in rsop
>       dc_hostname = get_dc_hostname(creds, lp)
>     File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 358, in
> get_dc_hostname
>       cldap_ret = net.finddc(domain=lp.get('realm'),
> flags=(nbt.NBT_SERVER_LDAP |
> samba.NTSTATUSError: (3221225524, 'The object name is not found.')
> Error in sys.excepthook:
> Traceback (most recent call last):
>     File "/usr/lib/python3/dist-packages/apport_python_hook.py", line 153,
> in apport_excepthook
>       with os.fdopen(os.open(pr_filename,
> FileNotFoundError: [Errno 2] No such file or directory:
> '/var/crash/_usr_sbin_samba-gpupdate.0.crash'
>
> Original exception was:
> Traceback (most recent call last):
>     File "/usr/sbin/samba-gpupdate", line 117, in <module>
>       rsop(lp, creds, logger, store, gp_extensions, opts.target)
>     File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 511, in rsop
>       dc_hostname = get_dc_hostname(creds, lp)
>     File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 358, in
> get_dc_hostname
>       cldap_ret = net.finddc(domain=lp.get('realm'),
> flags=(nbt.NBT_SERVER_LDAP |
> samba.NTSTATUSError: (3221225524, 'The object name is not found.')
samba-gpupdate is failing to find the dc hostname. Can you provide me 
with copies of your config (sssd, smb.conf)?
> On another station when I test on another linux ubuntu client with the same
> version of samba, but with winbind(not sssd), the GPOs are applied normally.
>
> I think it's something that isn't working well, which could be a result of
> the compilation or some detail I missed.
>
> I downloaded the code from https://github.com/openSUSE/oddjob-gpupdate and
> compiled it like this:
>
> apt install autoconf libtool libxml2-dev libdbus-1-dev oddjob libpam0g-dev
> xmlto libselinux1-dev libxml++2.6-dev
> ./autogen
> make up
> make install
>
> Did I make a mistake in the compilation process? can someone guide me to
> compile correctly?

I'm afraid Samba's group policy isn't officially supported with SSSD, 
although it has worked in the past. It is known to work well with 
Winbind though.

Sorry for the slow response. I've been on paternity leave.

-- 
David Mulder
Labs Software Engineer, Samba
SUSE
1221 S Valley Grove Way, Suite 500
Pleasant Grove, UT 84062
(P)+1 385.208.2989
dmulder at suse.com
http://www.suse.com

More information about the samba mailing list