On 25/05/2021 15:12, Carlos via samba wrote:
> ldbsearch -H ldap://"$(host -t SRV _ldap._tcp.pdc._msdcs."$(hostname -d)"
> | awk '{print $NF}' | awk -F '.' '{print $1}')" -P -b
> "CN=Policies,CN=System,$(echo "DC=$(hostname -d)" | sed 's/\./,DC=/g')"
> -s sub '(objectClass=groupPolicyContainer)' cn | grep 'cn:'
> Failed to connect to ldap URL 'ldap://DC1
> DC1' - LDAP client internal error: NT_STATUS_OBJECT_NAME_NOT_FOUND
> Failed to connect to 'ldap://DC0
> DC1' with backend 'ldap': LDAP client internal error:
> NT_STATUS_OBJECT_NAME_NOT_FOUND
> Failed to connect to ldap://DC0
> DC1 - LDAP client internal error: NT_STATUS_OBJECT_NAME_NOT_FOUND
>
> But I tested telnet 389 on dc0 and dc1 and the connection is OK.
>
>
> ls /var/lib/samba/sysvol/$(hostname -d)/Policies
>
> But my Samba is compiled (from source).
>
> Regards,
>
>
>
>
>
> On 25/05/2021 10:54, Rowland Penny via samba wrote:
>> On 25/05/2021 13:55, Carlos via samba wrote:
>>> Hi
>>>
>>> "I am unsure, have you given all the AD groups a gidNumber?" I don't
>>> understand.....
>>
>>
>> Can you run these commands on a DC:
>>
>> sudo ldbsearch -H ldap://"$(host -t SRV
>> _ldap._tcp.pdc._msdcs."$(hostname -d)" | awk '{print $NF}' | awk -F
>> '.' '{print $1}')" -P -b
>> "CN=Policies,CN=System,$(echo "DC=$(hostname -d)" | sed 's/\./,DC=/g')"
>> -s sub '(objectClass=groupPolicyContainer)' cn | grep 'cn:'
>>
>> sudo ls /var/lib/samba/sysvol/$(hostname -d)/Policies
>>
>> Do the outputs show the same GPOs?
>>
>> Rowland
>>
>>
>>
>
Hmm, you do seem to have problems:
$(host -t SRV _ldap._tcp.pdc._msdcs."$(hostname -d)" | awk '{print $NF}' | awk -F '.' '{print $1}')
should produce the short hostname of the DC that holds the
PDC_Emulator FSMO role, which it does but then seem to be able to
connect (you are running this as 'root', aren't you?). What it
shouldn't do is move on to another DC, there should only be one DC
with the PDC_Emulator role.
As for the second command, just change the '/var/lib/samba' with the
path to your sysvol.
Rowland
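
An added example, not part of the original messages: a shell sketch that performs the same SRV-to-hostname step as the command above but refuses to build the LDAP URL unless the lookup yields exactly one PDC emulator target, the condition described in the reply. The function names, the `samdom.example.com` domain and the sample `host` output are constructed for illustration.

```shell
#!/bin/sh
# Constructed samples of `host -t SRV _ldap._tcp.pdc._msdcs.<domain>` output.
SAMPLE_ONE='_ldap._tcp.pdc._msdcs.samdom.example.com has SRV record 0 100 389 dc1.samdom.example.com.'
SAMPLE_TWO='_ldap._tcp.pdc._msdcs.samdom.example.com has SRV record 0 100 389 dc0.samdom.example.com.
_ldap._tcp.pdc._msdcs.samdom.example.com has SRV record 0 100 389 dc1.samdom.example.com.'

# Read `host -t SRV` output on stdin and print the distinct short hostnames
# of the SRV targets. Lines that are not SRV answers are ignored.
pdc_short_names() {
    awk '/has SRV record/ { split($NF, p, "."); print p[1] }' | sort -u
}

# Read `host -t SRV` output on stdin and print ldap://<short name>.
# Returns 1 (printing nothing on stdout) unless exactly one target was found,
# so a multi-line value can never end up inside the URL.
pdc_ldap_url() {
    names=$(pdc_short_names)
    count=$(printf '%s\n' "$names" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one PDC emulator SRV target, found $count:" >&2
        printf '%s\n' "$names" >&2
        return 1
    fi
    printf 'ldap://%s\n' "$names"
}

# Build the GPO container DN from a DNS domain name, using the same sed
# substitution as the command in the thread.
domain_to_base_dn() {
    printf 'CN=Policies,CN=System,%s\n' "$(echo "DC=$1" | sed 's/\./,DC=/g')"
}

# Demo on the constructed data (no DNS or LDAP access needed).
printf '%s\n' "$SAMPLE_ONE" | pdc_ldap_url
printf '%s\n' "$SAMPLE_TWO" | pdc_ldap_url || echo "refusing to build a URL"
domain_to_base_dn samdom.example.com
```

On a DC, the real lookup output would be piped in instead of the samples: `host -t SRV _ldap._tcp.pdc._msdcs."$(hostname -d)" | pdc_ldap_url`.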