thr3ads.net - samba - [Samba] GPO infrastructure? -> 4.8.x to 4.9.x [Jul 2019]

If this information is useful, please help other people find it:
Share via:

Stefan G. Weichinger

2019-Jul-09 18:00 UTC

[Samba] GPO infrastructure? -> 4.8.x to 4.9.x

Am 02.07.19 um 16:24 schrieb Stefan G. Weichinger via
samba:> Am 02.07.19 um 16:09 schrieb Stefan G. Weichinger via samba:
>>
>> I get problems with group policies not applied ... seems an older
>> problem surfacing now.
>>
>> Before I debug at current level I consider upgrading the 2 DCs from
>> 4.8.12 (Debian Stretch) to 4.9.9
>>
>> Anything specific to consider here?
> 
> couldn't wait: 4.9.9 now :-P
> 
> -
> 
> Still same issues. Somehow the clients don't find a DC somehow ...
> 
> so it seems some DNS records are broken or so?
> 
> I can connect the RSAT(?) directly to one DC, but it doesn't find one
> writable DC by itself. What to correct here?
brand new server win 2019

opening AD-users console (is that the term?)

it tells me (I translate):

"Domain xy could not be found because of ... : user or password wrong"

I mean, I am logged into the server with a AD-domain-admin. And it shows
objects at first, but for example the GPO-console brings access denied.

hmm

Would be nice to get rid of that within a week or so, big migration ahead.

-

2 samba 4.9.11 DCs ... replication looks good, dbcheck as well

Maybe I have to rejoin, I renamed the windows server after the join, and
there was now matching DNS record then.

And I see stuff like this:

/var/log/samba# tail -f log.samba
  ../source4/dsdb/dns/dns_update.c:353: Failed SPN update - with error
code 1
[2019/07/09 19:16:32.921798,  0]
../source4/dsdb/dns/dns_update.c:353(dnsupdate_spnupdate_done)
  ../source4/dsdb/dns/dns_update.c:353: Failed SPN update - with error
code 1


thanks for any help here

Stefan G. Weichinger

2019-Jul-10 06:40 UTC

head link

[Samba] GPO infrastructure? -> 4.8.x to 4.9.x

Am 09.07.19 um 20:00 schrieb Stefan G. Weichinger via samba:
> Maybe I have to rejoin, I renamed the windows server after the join, and
> there was now matching DNS record then.
> 
> And I see stuff like this:
> 
> /var/log/samba# tail -f log.samba
>   ../source4/dsdb/dns/dns_update.c:353: Failed SPN update - with error
> code 1
> [2019/07/09 19:16:32.921798,  0]
> ../source4/dsdb/dns/dns_update.c:353(dnsupdate_spnupdate_done)
>   ../source4/dsdb/dns/dns_update.c:353: Failed SPN update - with error
> code 1
rejoined the server and removed the DNS entry inbetween manually

join worked ok, no DNS record after that

more of this:


Jul 10 08:16:36 pre01svdeb02 samba[25451]: task[dnsupdate][25451]:
[2019/07/10 08:16:36.662971,  0]
../source4/dsdb/dns/dns_update.c:353(dnsupdate_spnupdate_done)
Jul 10 08:16:36 pre01svdeb02 samba[25451]: task[dnsupdate][25451]:
../source4/dsdb/dns/dns_update.c:353: Failed SPN update - with error code 1
Jul 10 08:26:36 pre01svdeb02 samba[25451]: task[dnsupdate][25451]:
[2019/07/10 08:26:36.544214,  0]
../source4/dsdb/dns/dns_update.c:353(dnsupdate_spnupdate_done)
Jul 10 08:26:36 pre01svdeb02 samba[25451]: task[dnsupdate][25451]:
../source4/dsdb/dns/dns_update.c:353: Failed SPN update - with error code 1


Added A-record myself.

Still issues with RSAT and GPO editing (access denied etc)

-

network: it is set up as domain network ... firewall activated. But it
seems I can't see all the other computers in Windows Explorer, Network.

disabled firewall for a test ... reset to standards.

Just searching.

Stefan G. Weichinger

2019-Jul-12 08:24 UTC

head link

[Samba] GPO infrastructure? -> 4.8.x to 4.9.x

Am 10.07.19 um 08:40 schrieb Stefan G. Weichinger via samba:
> more of this:
> 
> Jul 10 08:16:36 pre01svdeb02 samba[25451]: task[dnsupdate][25451]:
> [2019/07/10 08:16:36.662971,  0]
> ../source4/dsdb/dns/dns_update.c:353(dnsupdate_spnupdate_done)
> Jul 10 08:16:36 pre01svdeb02 samba[25451]: task[dnsupdate][25451]:
> ../source4/dsdb/dns/dns_update.c:353: Failed SPN update - with error code 1
> Jul 10 08:26:36 pre01svdeb02 samba[25451]: task[dnsupdate][25451]:
> [2019/07/10 08:26:36.544214,  0]
> ../source4/dsdb/dns/dns_update.c:353(dnsupdate_spnupdate_done)
> Jul 10 08:26:36 pre01svdeb02 samba[25451]: task[dnsupdate][25451]:
> ../source4/dsdb/dns/dns_update.c:353: Failed SPN update - with error code 1
> 
> 
> Added A-record myself.
> 
> Still issues with RSAT and GPO editing (access denied etc)
> 
> -
> 
> network: it is set up as domain network ... firewall activated. But it
> seems I can't see all the other computers in Windows Explorer, Network.
> 
> disabled firewall for a test ... reset to standards.
am I missing something, did I make some stupid mistake or is there any
other reason why noone replies to this thread anymore?

L.P.H. van Belle

2019-Jul-12 09:56 UTC

head link

[Samba] GPO infrastructure? -> 4.8.x to 4.9.x

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Stefan G. Weichinger via samba
> Verzonden: vrijdag 12 juli 2019 10:24
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] GPO infrastructure? -> 4.8.x to 4.9.x
> 
> Am 10.07.19 um 08:40 schrieb Stefan G. Weichinger via samba:
> 
> > more of this:
> > 
> > Jul 10 08:16:36 pre01svdeb02 samba[25451]: task[dnsupdate][25451]:
> > [2019/07/10 08:16:36.662971,  0]
> > ../source4/dsdb/dns/dns_update.c:353(dnsupdate_spnupdate_done)
> > Jul 10 08:16:36 pre01svdeb02 samba[25451]: task[dnsupdate][25451]:
> > ../source4/dsdb/dns/dns_update.c:353: Failed SPN update - 
> with error code 1
> > Jul 10 08:26:36 pre01svdeb02 samba[25451]: task[dnsupdate][25451]:
> > [2019/07/10 08:26:36.544214,  0]
> > ../source4/dsdb/dns/dns_update.c:353(dnsupdate_spnupdate_done)
> > Jul 10 08:26:36 pre01svdeb02 samba[25451]: task[dnsupdate][25451]:
> > ../source4/dsdb/dns/dns_update.c:353: Failed SPN update - 
> with error code 1
> > 
> > 
> > Added A-record myself.
> > 
> > Still issues with RSAT and GPO editing (access denied etc)
> > 
> > -
> > 
> > network: it is set up as domain network ... firewall 
> activated. But it
> > seems I can't see all the other computers in Windows 
> Explorer, Network.
> > 
> > disabled firewall for a test ... reset to standards.
> 
> am I missing something, did I make some stupid mistake or is there any
> other reason why noone replies to this thread anymore?
Hai, a quick response.. 
Failed SPN update -  
Verify the dns.keytab files its location if you upgraded, you might need to move
that from /var/lib/samba/private to /var/lib/samba/bind-dns
You need :  -rw-r-----  1 root bind  877 Apr 28  2015 dns.keytab

Verify if : /var/lib/samba/bind-dns/named.conf is updated to the correct bind
version.

And run : samba_dnsupdate --verbose 
Post that output. 

Network, the AD-DC dont run NMBD. If you want to "see" netbiosnames in
the explorer, enable NMBD on one member server.
See if that helps you. That is by design. 


Greetz, 

Louis

Apparently Analagous Threads

Search for more reasonably related threads

samba - Jul 2019 - GPO infrastructure? -> 4.8.x to 4.9.x

[Samba] GPO infrastructure? -> 4.8.x to 4.9.x

[Samba] GPO infrastructure? -> 4.8.x to 4.9.x

[Samba] GPO infrastructure? -> 4.8.x to 4.9.x

[Samba] GPO infrastructure? -> 4.8.x to 4.9.x

Apparently Analagous Threads