[Samba] gpo client linux sssd does not apply

Anderson Sampaio Mello anderson.sampaio.mello at gmail.com
Tue Apr 18 23:56:34 UTC 2023


Thanks for the reply David Mulder.

But I opted to use winbind to get the GPOs up and running.

I have another question about the operation of some GPOs, can I ask it here
or do I need to send a new email?

Thank you all.

On Tue, Apr 18, 2023 at 14:16, David Mulder via samba <
samba at lists.samba.org> wrote:

> On 4/14/23 2:23 AM, Anderson Sampaio Mello via samba wrote:
> > Hello Samba Team, how are you?
> >
> > I'm joining linux clients in the company's environment and I would like to
> > apply GPOs to linux clients, I'm in the testing phase.
> >
> > I'm testing with ubuntu clients version 22.04 and the software I used to
> > join the samba AD was sssd.
> >
> > The 22.04 ubuntu client has joined and everything is working fine except
> > for the GPOs for linux clients.
> >
> > I compiled and installed oddjob-gpupdate and also installed oddjob as
> > recommended by the samba documentation (
> > https://dmulder.github.io/group-policy-book/)
> >
> > I also installed samba version 4.15.3 with the command samba-gpupdate, when
> > I run the command samba-gpupdate --rsop with sssd working it reports these
> > errors:
> >
> > Traceback (most recent call last):
> >     File "/usr/sbin/samba-gpupdate", line 117, in <module>
> >       rsop(lp, creds, logger, store, gp_extensions, opts.target)
> >     File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 511, in rsop
> >       dc_hostname = get_dc_hostname(creds, lp)
> >     File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 358, in get_dc_hostname
> >       cldap_ret = net.finddc(domain=lp.get('realm'), flags=(nbt.NBT_SERVER_LDAP |
> > samba.NTSTATUSError: (3221225524, 'The object name is not found.')
> > Error in sys.excepthook:
> > Traceback (most recent call last):
> >     File "/usr/lib/python3/dist-packages/apport_python_hook.py", line 153, in apport_excepthook
> >       with os.fdopen(os.open(pr_filename,
> > FileNotFoundError: [Errno 2] No such file or directory:
> > '/var/crash/_usr_sbin_samba-gpupdate.0.crash'
> >
> > Original exception was:
> > Traceback (most recent call last):
> >     File "/usr/sbin/samba-gpupdate", line 117, in <module>
> >       rsop(lp, creds, logger, store, gp_extensions, opts.target)
> >     File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 511, in rsop
> >       dc_hostname = get_dc_hostname(creds, lp)
> >     File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 358, in get_dc_hostname
> >       cldap_ret = net.finddc(domain=lp.get('realm'), flags=(nbt.NBT_SERVER_LDAP |
> > samba.NTSTATUSError: (3221225524, 'The object name is not found.')
>
> I was able to get it to work by setting up a simple smb.conf, and doing
> a `net ads join`. SSSD is still the auth provider.
>
> My simple smb.conf looks like this:
>
> dmulder at dmm-tw:~> cat /etc/samba/smb.conf
> [global]
>      idmap config * : backend = tdb
>      idmap config * : range = 10000-20000
>      idmap config dmm : backend = rid
>      idmap config dmm : range = 20001-99999
>      kerberos method = secrets and keytab
>      security = ADS
>      usershare allow guests = No
>      workgroup = DMMSUSE
>      realm = dmm.suse.de
>
> Then I set `ad_update_samba_machine_account_password = true` in
> /etc/sssd/sssd.conf.
>
> And finally:
>
> sudo kinit Administrator
> sudo net ads join -k
>
> This creates the secrets.tdb for samba, which SSSD will now keep updated
> for samba-gpupdate. Afterward samba-gpupdate is working for me with SSSD.
>
> >
> > On another station when I test on another linux ubuntu client with the same
> > version of samba, but with winbind(not sssd), the GPOs are applied normally.
> >
> > I think it's something that isn't working well, which could be a result of
> > the compilation or some detail I missed.
> >
> > I downloaded the code from https://github.com/openSUSE/oddjob-gpupdate and
> > compiled it like this:
> >
> > apt install autoconf libtool libxml2-dev libdbus-1-dev oddjob libpam0g-dev xmlto libselinux1-dev libxml++2.6-dev
> > ./autogen
> > make up
> > make install
> >
> > Did I make a mistake in the compilation process? Can someone guide me to
> > compile correctly?
>
> --
> David Mulder
> Labs Software Engineer, Samba
> SUSE
> 1221 S Valley Grove Way, Suite 500
> Pleasant Grove, UT 84062
> (P)+1 385.208.2989
> dmulder at suse.com
> http://www.suse.com
>
>
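
A preflight check for the setup David Mulder describes in the quoted reply, as an added example that is not part of the original thread or of Samba's own tooling: it verifies the smb.conf and sssd.conf settings from his message and that a secrets.tdb is present. The function names and the file paths passed as arguments are assumptions; the thread does not say where secrets.tdb lives on a given distribution.

```shell
#!/bin/sh
# Added example (not from the thread). Usage, with paths for your system:
#   check_gpupdate_prereqs /etc/samba/smb.conf /etc/sssd/sssd.conf <path-to-secrets.tdb>

# conf_get FILE KEY: print the value of KEY from an ini-style file.
# Key match is case-insensitive, whitespace around '=' is ignored, last match wins.
conf_get() {
    awk -F= -v want="$2" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        NF >= 2 {
            k = tolower($1); gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k == tolower(want)) {
                v = substr($0, index($0, "=") + 1)  # keep any "=" inside the value
                gsub(/^[ \t]+|[ \t]+$/, "", v); val = v; found = 1
            }
        }
        END { if (found) print val }' "$1"
}

# check_gpupdate_prereqs SMB_CONF SSSD_CONF SECRETS_TDB
# Prints one FAIL line per problem and returns the number of problems found.
check_gpupdate_prereqs() {
    problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    sec=$(conf_get "$1" "security" | tr '[:upper:]' '[:lower:]')
    [ "$sec" = "ads" ] || fail "smb.conf: security is not ADS"

    # The traceback shows get_dc_hostname passing lp.get('realm') to net.finddc.
    [ -n "$(conf_get "$1" "realm")" ] || fail "smb.conf: realm is not set"

    krb=$(conf_get "$1" "kerberos method" | tr '[:upper:]' '[:lower:]')
    [ "$krb" = "secrets and keytab" ] || fail "smb.conf: kerberos method is not 'secrets and keytab'"

    # Without this, SSSD does not keep Samba's copy of the machine password updated.
    upd=$(conf_get "$2" "ad_update_samba_machine_account_password" | tr '[:upper:]' '[:lower:]')
    [ "$upd" = "true" ] || fail "sssd.conf: ad_update_samba_machine_account_password is not true"

    # Created by 'net ads join'; samba-gpupdate authenticates with it.
    [ -s "$3" ] || fail "secrets.tdb missing or empty: run 'net ads join' first"

    return "$problems"
}
```

A return value of 0 means every setting from the reply is in place; it does not prove the stored machine password is still valid against the DC.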

