On 11/24/21 8:47 AM, Stefan Kania via samba wrote:> Hello, > > I'm setting up Linux-GPOs starting with motd. Testing with "samba-tool > gpo list fs01" (fs01 is my linux-host). I see: > ------------ > root at addc01:/home/stka# samba-tool gpo list fs01 > GPOs for user fs01 > Linux-motd {A11688A4-97D2-4471-9EBC-C0A40F169339} > Default Domain Policy {31B2F340-016D-11D2-945F-00C04FB984F9} > ------------ > > I reseted the permissions with "samba-tool ntacl sysvolreset" everything > is fine. > > I added the line "apply group policies = yes" to the smb.conf. > > Restarted winbind (I also tried a reboot) > > When I do a "samba-gpupdate --force" or "samba-gpupdate --rsop" I'm > always getting the following error-message: > ----------- > root at fs01:/home/stka# samba-gpupdate --force > Traceback (most recent call last): > File "/usr/sbin/samba-gpupdate", line 119, in <module> > apply_gp(lp, creds, logger, store, gp_extensions, opts.force) > File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 437, in > apply_gp > dc_hostname = get_dc_hostname(creds, lp) > File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 358, in > get_dc_hostname > cldap_ret = net.finddc(domain=lp.get('realm'), > flags=(nbt.NBT_SERVER_LDAP | > samba.NTSTATUSError: (3221225524, 'The object name is not found.') > > root at fs01:/home/stka# samba-gpupdate --rsop > Traceback (most recent call last): > File "/usr/sbin/samba-gpupdate", line 117, in <module> > rsop(lp, creds, logger, store, gp_extensions, opts.target) > File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 511, in rsop > dc_hostname = get_dc_hostname(creds, lp) > File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 358, in > get_dc_hostname > cldap_ret = net.finddc(domain=lp.get('realm'), > flags=(nbt.NBT_SERVER_LDAP | > samba.NTSTATUSError: (3221225524, 'The object name is not found.') > ----------- > > What did I miss? >It's failing on a cldap ping searching for a DC in your domain. Is your domain name resolvable? -- *David Mulder* Labs Software Engineer, Samba SUSE 1221 Valley Grove Way Pleasant Grove, UT 84062 (P)+1 385.666.5660 dmulder at suse.com <http://www.suse.com/>
On 11/24/21 8:56 AM, David Mulder via samba <samba at lists.samba.org> wrote:> On 11/24/21 8:47 AM, Stefan Kania via samba wrote: > > > > What did I miss? > > > > It's failing on a cldap ping searching for a DC in your domain. Is your > domain name resolvable? >So I would check what your REALM is set to in your smb.conf. See if that name is resolvable (nslookup my.realm.com), then make sure you have a DC running in that realm, and that it is reachable.
Am 24.11.21 um 16:56 schrieb David Mulder via samba:> On 11/24/21 8:47 AM, Stefan Kania via samba wrote: >> Hello, >> >> I'm setting up Linux-GPOs starting with motd. Testing with "samba-tool >> gpo list fs01" (fs01 is my linux-host). I see: >> ------------ >> root at addc01:/home/stka# samba-tool gpo list fs01 >> GPOs for user fs01 >> ???? Linux-motd {A11688A4-97D2-4471-9EBC-C0A40F169339} >> ???? Default Domain Policy {31B2F340-016D-11D2-945F-00C04FB984F9} >> ------------ >> >> I reseted the permissions with "samba-tool ntacl sysvolreset" everything >> is fine. >> >> I added the line "apply group policies = yes" to the smb.conf. >> >> Restarted winbind (I also tried a reboot) >> >> When I do a "samba-gpupdate --force" or "samba-gpupdate --rsop" I'm >> always getting the following error-message: >> ----------- >> root at fs01:/home/stka# samba-gpupdate --force >> Traceback (most recent call last): >> ?? File "/usr/sbin/samba-gpupdate", line 119, in <module> >> ???? apply_gp(lp, creds, logger, store, gp_extensions, opts.force) >> ?? File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 437, in >> apply_gp >> ???? dc_hostname = get_dc_hostname(creds, lp) >> ?? File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 358, in >> get_dc_hostname >> ???? cldap_ret = net.finddc(domain=lp.get('realm'), >> flags=(nbt.NBT_SERVER_LDAP | >> samba.NTSTATUSError: (3221225524, 'The object name is not found.') >> >> root at fs01:/home/stka# samba-gpupdate --rsop >> Traceback (most recent call last): >> ?? File "/usr/sbin/samba-gpupdate", line 117, in <module> >> ???? rsop(lp, creds, logger, store, gp_extensions, opts.target) >> ?? File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 511, >> in rsop >> ???? dc_hostname = get_dc_hostname(creds, lp) >> ?? File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 358, in >> get_dc_hostname >> ???? cldap_ret = net.finddc(domain=lp.get('realm'), >> flags=(nbt.NBT_SERVER_LDAP | >> samba.NTSTATUSError: (3221225524, 'The object name is not found.') >> ----------- >> >> What did I miss? >> > > It's failing on a cldap ping searching for a DC in your domain. Is your > domain name resolvable?Yes it is: ---------------- root at fs01:/home/stka# ping example.net PING example.net (192.168.56.102) 56(84) bytes of data. 64 bytes from addc02.example.net (192.168.56.102): icmp_seq=1 ttl=64 time=0.901 ms 64 bytes from addc02.example.net (192.168.56.102): icmp_seq=2 ttl=64 time=0.944 ms ---------------- I can also resolve the srv-records and ping all DCs with fqdn and hostname The fs01 is member of the domain and sharing folders to Windows-clients. So its my fileserver. I'm using the registry instead of smb.conf but up to now there was no problem with the motd file. I run ubuntu 20.04 with Louis packages 4.15.2>-- Stefan Kania Landweg 13 25693 St. Michaelisdonn Signieren jeder E-Mail hilft Spam zu reduzieren und sch?tzt Ihre Privatsph?re. Ein kostenfreies Zertifikat erhalten Sie unter https://www.dgn.de/dgncert/index.html