Luca Bertoncello
2016-Apr-08 07:38 UTC
[Samba] Samba as AD-Controller: unable to update policies and call start scripts
Zitat von Sébastien Le Ray <sebastien-samba at orniz.org>:>> The very strange thing is, that gpupdate tries to copy somethings >> from \\cch.intra\sysvol and not from \\dc1\sysvol... >> There a no server with name cch.intra, this is just the Realm... > > Thats expected. your.realm should resolve to all your DC in a > round-robin fashion.OK, I didn't know that... Thansk!> Please paste the output of dig cch.intra (or nslookup on a windows box)From the DC (Ubuntu 14.04): root at dc1:~# dig cch.intra ; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> cch.intra ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47849 ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;cch.intra. IN A ;; ANSWER SECTION: cch.intra. 900 IN A 192.168.50.2 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Fri Apr 08 09:36:39 CEST 2016 ;; MSG SIZE rcvd: 43 from a Windows PC: nslookup cch.intra Server: dc1.cch.intra Address: 192.168.50.2 Name: cch.intra Address: 192.168.50.2 Of course, the IP of the AD-Controller is 192.168.50.2... Thanks Luca Bertoncello (lucabert at lucabert.de)
Sébastien Le Ray
2016-Apr-08 07:50 UTC
[Samba] Samba as AD-Controller: unable to update policies and call start scripts
Did you try a samba-tool ntacl sysvolreset on the DC? (actually… that almost never fixed anything in my case but why not) You can also dig in the Windows events log which could give you a more detailed error Regards Le 08/04/2016 09:38, Luca Bertoncello a écrit :> Zitat von Sébastien Le Ray <sebastien-samba at orniz.org>: > >>> The very strange thing is, that gpupdate tries to copy somethings >>> from \\cch.intra\sysvol and not from \\dc1\sysvol... >>> There a no server with name cch.intra, this is just the Realm... >> >> Thats expected. your.realm should resolve to all your DC in a >> round-robin fashion. > > OK, I didn't know that... Thansk! > >> Please paste the output of dig cch.intra (or nslookup on a windows box) > > From the DC (Ubuntu 14.04): > > root at dc1:~# dig cch.intra > > ; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> cch.intra > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47849 > ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, > ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;cch.intra. IN A > > ;; ANSWER SECTION: > cch.intra. 900 IN A 192.168.50.2 > > ;; Query time: 0 msec > ;; SERVER: 127.0.0.1#53(127.0.0.1) > ;; WHEN: Fri Apr 08 09:36:39 CEST 2016 > ;; MSG SIZE rcvd: 43 > > from a Windows PC: > > nslookup cch.intra > Server: dc1.cch.intra > Address: 192.168.50.2 > > Name: cch.intra > Address: 192.168.50.2 > > Of course, the IP of the AD-Controller is 192.168.50.2... > > Thanks > Luca Bertoncello > (lucabert at lucabert.de) > >
Luca Bertoncello
2016-Apr-08 08:04 UTC
[Samba] Samba as AD-Controller: unable to update policies and call start scripts
Zitat von Sébastien Le Ray <sebastien-samba at orniz.org>:> Did you try a samba-tool ntacl sysvolreset on the DC? (actually… > that almost never fixed anything in my case but why not)Unfortunately it did not help...> You can also dig in the Windows events log which could give you a > more detailed errorI see that: Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne CCH aufgrund der folgenden Ursache nicht einrichten: Es sind momentan keine Anmeldeserver zum Verarbeiten der Anmeldeanforderung verfügbar. Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein. The sentence "Es sind momentan keine Anmeldeserver zum Verarbeiten der Anmeldeanforderung verfügbar." (there are no logon server available now" seems to be the problem... But how can I solve it? Thanks Luca Bertoncello (lucabert at lucabert.de)
Luca Bertoncello
2016-Apr-08 10:44 UTC
[Samba] Samba as AD-Controller: unable to update policies and call start scripts
Zitat von Sébastien Le Ray <sebastien-samba at orniz.org>:> Did you try a samba-tool ntacl sysvolreset on the DC? (actually… > that almost never fixed anything in my case but why not)I just tried to run "samba_dnsupdate --verbose --all-names" on the DC and I got many "Failed nsupdate: 2" and at the end "Failed update of 21 entries". Attached is the full result. Maybe is THIS my problem? Thanks Luca Bertoncello (lucabert at lucabert.de) -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: dns.lst URL: <http://lists.samba.org/pipermail/samba/attachments/20160408/e20e28ae/dns.ksh>
Maybe Matching Threads
- Samba as AD-Controller: unable to update policies and call start scripts
- Samba as AD-Controller: unable to update policies and call start scripts
- Samba as AD-Controller: unable to update policies and call start scripts
- Samba as AD-Controller: unable to update policies and call start scripts
- Samba as AD-Controller: unable to update policies and call start scripts