Still can't figure this out. The client-side logs show two entries:
1. The error in the first message "The processing of Group Policy failed." 2. A DNS processing failure: """The system failed to register host (A or AAAA) resource records (RRs) for network adapter with settings ...""" At debug level 5, Samba4 shows no DNS problems, and says "Got a dns update request." "All updates allowed." http://pastebin.com/fYrd9F1W - Nick On Thu, Feb 7, 2013 at 8:59 PM, Nick Semenkovich <seme...@syndetics.net> wrote: > I've just configured Samba4 on Ubuntu (4.0.0+dfsg1-1), and can't seem > to get roaming profiles working (I followed the guide at > https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO ) > > 1. Logons work just fine. > 2. DNS is configured and working, running through SAMBA_INTERNAL > 3. Clients can talk to the server and see/access shares at > \\server.corp.domain.com > 4. Clients are all Windows 8 and NTP time synced > 5. Permissions seem "OK" (the profiles directory is currently chmod > 777 -- without that, only the Administrator seemed to be able to > create their own profile ...) > 6. General users can log in/out (which creates a profile, if profiles > is chmod 777) but a subsequent login can't access it, with a generic > Windows 8 roaming profile error. > > Not really sure where to go from here. I've tried: > - Rebuilding the domain & re-joining machines > - Ultra-lax permissions > - Adding users via the samba-tool versus AD tools in Windows > > At client logon, the samba4 logs (with a debug level of 4) show a collection > of: > > Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED' > single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED] > > and a few > > Terminating connection - 'kdc_tcp_call_loop: > tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' > single_terminate: reason[kdc_tcp_call_loop: > tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] > > (Not sure if they're related) > > > Notably, the client machines (all on Win 8) show nearly nothing in the > Event Log, except a Group Policy failure: > """ > The processing of Group Policy failed. Windows attempted to read the > file > \\corp.domain.com\sysvol\corp.domain.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini > from a domain controller and was not successful. Group Policy settings > may not be applied until this event is resolved. This issue may be > transient and could be caused by one or more of the following: > a) Name Resolution/Network Connectivity to the current domain controller. > b) File Replication Service Latency (a file created on another domain > controller has not replicated to the current domain controller). > c) The Distributed File System (DFS) client has been disabled. > """ > > (Manually connecting to that gpi.ini file works perfectly) > > > > Not really sure what's going on here. The only oddities I see are: > * I can't get the old "add user script" function to work. > As a result, client usernames seem to just have a UID on the linux > side (their profiles show up as: drwxr-xr-x 14 3000015 users 4.0K Feb > 7 20:34 test.V2) > Any way around that? > * When profiles are created, they're appended with ".V2" -- Do I need > to add ".V2" to the profile path setting, e.g. %USERNAME%.V2? (I can't > imagine that's the case ...) > > > I've pasted my smb.conf to: http://pastebin.com/DQDkGxsv > > Any advice? > > > Thanks! > Nick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba