[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
** Description changed:
Bad, maybe no understandable english ahead.
Can't find anything related to this on Github, Canonical Forums, Reddit
or StackOverflow.
On Ubuntu 22.04, I've followed the Wiki tutorial and verified all steps
on Integration Ubuntu Desktop whitepaper. Currently using SSSD backend,
I can log with Active Directory users however when adsys is installed I
can't fetch GPOs. In this version the error is:
ERROR Error from server: error while updating policy: can't get policies
for "ubuntu": can't download all gpos and assets: one or more error
while fetching GPOs and assets: can't download "ubuntuRoot": can't check
if ubuntuRoot needs refreshing: no GPT.INI file: cannot open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
It happens when using "adsysctl update -m" or "adsysctl update
usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just
"adsysctl update" too.
I've upgrade the machine to 22.10 and the error changed to:
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER').
-
After upgrade to 23.04 the error persist same as the above.
-
Full info 22.04 (- verbose):
-
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
- We will only use the defaults, env variables or flags.
- DEBUG Connecting as [[2504:109556]]
- DEBUG New request /service/UpdatePolicy
- DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
- DEBUG NormalizeTargetName for "ubuntu", type "computer"
- DEBUG Check if grpc request peer is authorized
- DEBUG Authorized as being administrator
- DEBUG GetPolicies for "ubuntu", type "computer"
- DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
- DEBUG GPO "ubuntuRoot" for "ubuntu" available at
"smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}"
- DEBUG Analyzing "assets"
- DEBUG Analyzing "ubuntuRoot"
- INFO No assets directory with GPT.INI file found on AD, skipping assets
download
+ We will only use the defaults, env variables or flags.
+ DEBUG Connecting as [[2504:109556]]
+ DEBUG New request /service/UpdatePolicy
+ DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
+ DEBUG NormalizeTargetName for "ubuntu", type "computer"
+ DEBUG Check if grpc request peer is authorized
+ DEBUG Authorized as being administrator
+ DEBUG GetPolicies for "ubuntu", type "computer"
+ DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
+ DEBUG GPO "ubuntuRoot" for "ubuntu" available at
"smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}"
+ DEBUG Analyzing "assets"
+ DEBUG Analyzing "ubuntuRoot"
+ INFO No assets directory with GPT.INI file found on AD, skipping assets
download
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": can't download all gpos and assets: one or more error while fetching
GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs
refreshing: no GPT.INI file: cannot open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
-
Full info 23.04 (- verbose):
- INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
- DEBUG Connecting as [[58811:006019]]
- DEBUG New request /service/UpdatePolicy
- DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
- DEBUG NormalizeTargetName for "ubuntu", type "computer"
- DEBUG Check if grpc request peer is authorized
- DEBUG Authorized as being administrator
- DEBUG GetPolicies for "ubuntu", type "computer"
- DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
+ INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
+ DEBUG Connecting as [[58811:006019]]
+ DEBUG New request /service/UpdatePolicy
+ DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
+ DEBUG NormalizeTargetName for "ubuntu", type "computer"
+ DEBUG Check if grpc request peer is authorized
+ DEBUG Authorized as b
[Desktop-packages] [Bug 2024377] [NEW] Adsys can't fetch GPOs
Public bug reported:
Bad, maybe no understandable english ahead.
Can't find anything related to this on Github, Canonical Forums, Reddit
or StackOverflow.
On Ubuntu 22.04, I've followed the Wiki tutorial and verified all steps
on Integration Ubuntu Desktop whitepaper. Currently using SSSD backend,
I can log with Active Directory users however when adsys is installed I
can't fetch GPOs. In this version the error is:
ERROR Error from server: error while updating policy: can't get policies
for "ubuntu": can't download all gpos and assets: one or more error
while fetching GPOs and assets: can't download "ubuntuRoot": can't check
if ubuntuRoot needs refreshing: no GPT.INI file: cannot open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
It happens when using "adsysctl update -m" or "adsysctl update
usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just
"adsysctl update" too.
I've upgrade the machine to 22.10 and the error changed to:
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER').
After upgrade to 23.04 the error persist same as the above.
Full info 22.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
We will only use the defaults, env variables or flags.
DEBUG Connecting as [[2504:109556]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target: ubuntu,
Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
DEBUG GPO "ubuntuRoot" for "ubuntu" available at
"smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}"
DEBUG Analyzing "assets"
DEBUG Analyzing "ubuntuRoot"
INFO No assets directory with GPT.INI file found on AD, skipping assets
download
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": can't download all gpos and assets: one or more error while fetching
GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs
refreshing: no GPT.INI file: cannot open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
Full info 23.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
DEBUG Connecting as [[58811:006019]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target: ubuntu,
Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.deltasul.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER')
Additional info:
Domain Controller and machine are on the same subnet without firewall on any
level;
Domain Controller is a Windows Server 2019 updated to the last security version;
Both machine and user are on the same OU with "no heritage" enabled and just
one policy added to permit usern...@domain.com.br to become root;
The info header directory is "/home/jzprates" on both logs because I've
collected them using the local account using "sudo adsysctl update -m -";
If I disable Adsys login on pam-auth-update, Ubuntu creates a homedir and enter
correctly with domain users.
ProblemType: Bug
DistroRelease: Ubuntu 23.04
Package: adsys 0.11.0
ProcVersionSignature: Ubuntu 6.2.0-23.23-generic 6.2.12
Uname: Linux 6.2.0-23-generic x86_64
ApportVersion: 2.26.1-0ubuntu2
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Mon Jun 19 11:22:10 2023
InstallationDate: Insta
