On 26/05/2019 19:24, Epsilon Minus via samba wrote:> i don't know if the problem with the command samba-tool gpo aclcheck > is connect with the original problem, but is necesary resolv all > warinings. > > I put de log level = 5 to check the report. > > this is the output: > > > root at DC04:~# samba-tool gpo aclcheckTry it like this: samba-tool gpo aclcheck -UAdministrator Rowland
El dom., 26 may. 2019 a las 16:12, Rowland penny via samba (<samba at lists.samba.org>) escribió:> > On 26/05/2019 19:24, Epsilon Minus via samba wrote: > > i don't know if the problem with the command samba-tool gpo aclcheck > > is connect with the original problem, but is necesary resolv all > > warinings. > > > > I put de log level = 5 to check the report. > > > > this is the output: > > > > > > root at DC04:~# samba-tool gpo aclcheck > > Try it like this: > > samba-tool gpo aclcheck -UAdministrator > > RowlandThe output is different: root at DC04:~# samba-tool gpo aclcheck -Uadministrator GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'spnego' registered GENSEC backend 'schannel' registered GENSEC backend 'naclrpc_as_system' registered GENSEC backend 'sasl-EXTERNAL' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'ntlmssp_resume_ccache' registered GENSEC backend 'http_basic' registered GENSEC backend 'http_ntlm' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.CLINICAGUEMES.COM.AR<0x0> resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.CLINICAGUEMES.COM.AR<0x0> resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20> Password for [CLINICAGUEMES\administrator]: resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20> resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20> resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20> resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20> resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20> resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20> resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20> resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20> resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20> resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20> resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20> resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20> Is suspect the message: resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20> But i have de same problem with GPO manage: "The permissions for this GPO in the SYSVOL folder are inconsistent with those in Active Directory. It is recommended that these permissions be consistent. To change the SYSVOL permissions to those in Active Directory, click OK. For more information, see the Microsoft Knowledge Base article: http://go.microsoft.com/fwlink/?LinkId=20066" Ask me if i want to resolve, if i press "yes" the sistem print "access denied"> -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
On 26/05/2019 20:18, Epsilon Minus wrote:> The output is different: > root at DC04:~# samba-tool gpo aclcheck -Uadministrator > GENSEC backend 'gssapi_spnego' registered > GENSEC backend 'gssapi_krb5' registered > GENSEC backend 'gssapi_krb5_sasl' registered > GENSEC backend 'spnego' registered > GENSEC backend 'schannel' registered > GENSEC backend 'naclrpc_as_system' registered > GENSEC backend 'sasl-EXTERNAL' registered > GENSEC backend 'ntlmssp' registered > GENSEC backend 'ntlmssp_resume_ccache' registered > GENSEC backend 'http_basic' registered > GENSEC backend 'http_ntlm' registered > GENSEC backend 'krb5' registered > GENSEC backend 'fake_gssapi_krb5' registered > resolve_lmhosts: Attempting lmhosts lookup for name > _ldap._tcp.CLINICAGUEMES.COM.AR<0x0> > resolve_lmhosts: Attempting lmhosts lookup for name > _ldap._tcp.CLINICAGUEMES.COM.AR<0x0> > resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20> > Password for [CLINICAGUEMES\administrator]: > resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20> > resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20> > resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20> > resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20> > resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20> > resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20> > resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20> > resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20> > resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20> > resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20> > resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20> > resolve_lmhosts: Attempting lmhosts lookup for name dc04.example.com<0x20> > > Is suspect the message: resolve_lmhosts: Attempting lmhosts lookup for > name dc04.example.com<0x20>No, you have 'log level = 2' set in smb.conf, if you remove all the lines printed because of this, you get this: root at DC04:~# samba-tool gpo aclcheck -Uadministrator Password for [CLINICAGUEMES\administrator]: Now, provided you did enter the password for 'Administrator', then you do not have a problem, because it didn't print an error message. I suspect that you have a similar problem on Windows, you user doesn't have the required permission. Rowland
Hello,
I using Samba 4.10.4-Debian and Samba work as Active Directory. All work
ok, until I try apply GPO to specific security group with guide on link
http://www.rebeladmin.com/2018/04/group-policy-security-filtering/ .
After modify GPO I got error:
root at dc1:~# samba-tool gpo list user5
ERROR(runtime): uncaught exception - Badly formed gPLink ' '
? File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line
185, in _run
??? return self.run(*args, **kwargs)
? File "/usr/lib/python3/dist-packages/samba/netcmd/gpo.py", line 519,
in run
??? glist = parse_gplink(str(msg['gPLink'][0]))
? File "/usr/lib/python3/dist-packages/samba/netcmd/gpo.py", line 102,
in parse_gplink
??? raise RuntimeError("Badly formed gPLink '%s'" % g)
How to fix GPO ?