Am 03.06.19 um 11:40 schrieb Rowland penny via samba:> On 03/06/2019 10:22, Stefan G. Weichinger via samba wrote: >> samba-4.8.12 on 2 DCs, replication works ... >> >> An external admin joined a new PC and the GPOs aren't pulled ... >> >> we get something like "user has no rsop data" > > Never seen that, but a quick google seems to suggest that the PC isn't > using a DC as its nameserver. > > If this is the case, I suggest you deny the external admin access to the > domain as this is pretty basic.2nd thought: that doesn't explain RSAT failing, right? The windows-server uses the correct 2 DC-IPs as DNS.
On 03/06/2019 10:58, Stefan G. Weichinger via samba wrote:> Am 03.06.19 um 11:40 schrieb Rowland penny via samba: >> On 03/06/2019 10:22, Stefan G. Weichinger via samba wrote: >>> samba-4.8.12 on 2 DCs, replication works ... >>> >>> An external admin joined a new PC and the GPOs aren't pulled ... >>> >>> we get something like "user has no rsop data" >> Never seen that, but a quick google seems to suggest that the PC isn't >> using a DC as its nameserver. >> >> If this is the case, I suggest you deny the external admin access to the >> domain as this is pretty basic. > 2nd thought: that doesn't explain RSAT failing, right? > > The windows-server uses the correct 2 DC-IPs as DNS. > >I do not think this a Samba problem (but you will probably prove me wrong), I suspect a mis-configuration on the new PC What is the new PC ? Rowland
Am 03.06.19 um 12:08 schrieb Rowland penny via samba:> On 03/06/2019 10:58, Stefan G. Weichinger via samba wrote: >> Am 03.06.19 um 11:40 schrieb Rowland penny via samba: >>> On 03/06/2019 10:22, Stefan G. Weichinger via samba wrote: >>>> samba-4.8.12 on 2 DCs, replication works ... >>>> >>>> An external admin joined a new PC and the GPOs aren't pulled ... >>>> >>>> we get something like "user has no rsop data" >>> Never seen that, but a quick google seems to suggest that the PC isn't >>> using a DC as its nameserver. >>> >>> If this is the case, I suggest you deny the external admin access to the >>> domain as this is pretty basic. >> 2nd thought: that doesn't explain RSAT failing, right? >> >> The windows-server uses the correct 2 DC-IPs as DNS. >> >> > I do not think this a Samba problem (but you will probably prove me > wrong), I suspect a mis-configuration on the new PC > > What is the new PC ?The RSAT-issue happens on another machine running MS Windows Server 2008R2. If I enter the domain there within "Change Domain ..." I get some error mentioning wrong user/pw. Although I am correctly logged in as DOMAIN\Administrator. I checked for the SRV-records, to me they look ok ..