Re: [Samba] Samba 4 and gpo in win7
On 12/05/2011 11:21, tae...@bredband.net wrote: Hello! Having an issue with getting gpo to apply for my win7 clients. Running samba4. Creating gpo with gpmc and they are created under var/locks/sysvol/"mydomain"/policies They applies just perfect on win xp clients but when trying on win7 clients they just won´t apply. When runnin gpupdate /force we get this(summary): Could not read the file "path to policy". Possible problems. a. Namematch/connection to dc b. Delay in file replication service c. dfs client inactive Anyone got any ideas? Try to add: host msdfs = yes in [Global] section. Also try to access your sysvol folder this way \\mydomain.tld\sysvol\mydomain.tld\Policies in windows XP and then in windows 7. Finally you can send us a tcpdump/tshark capture between you windows client and samba server, see here for instruction on tracing: https://wiki.samba.org/index.php/Capture_Packets. Matthieu. -- Matthieu Patou Samba Teamhttp://samba.org Private repo http://git.samba.org/?p=mat/samba.git;a=summary -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 and gpo in win7
Hi, I thought dfs is not working with samba4, " Try to add: host msdfs = yes"???!! Is it or not? My last tries failed. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Matthieu Patou Gesendet: Freitag, 13. Mai 2011 10:49 An: samba@lists.samba.org Betreff: Re: [Samba] Samba 4 and gpo in win7 On 12/05/2011 11:21, tae...@bredband.net wrote: > > Hello! > > Having an issue with getting gpo to apply for my win7 > clients. > > Running samba4. > > Creating gpo with gpmc and they are created > under var/locks/sysvol/"mydomain"/policies > > They applies just perfect > on win xp clients but when trying on win7 clients they just won´t apply. > > > When runnin gpupdate /force we get this(summary): > > Could not read the > file "path to policy". Possible problems. > > a. Namematch/connection to > dc > > b. Delay in file replication service > > c. dfs client inactive > > > Anyone got any ideas? Try to add: host msdfs = yes in [Global] section. Also try to access your sysvol folder this way \\mydomain.tld\sysvol\mydomain.tld\Policies in windows XP and then in windows 7. Finally you can send us a tcpdump/tshark capture between you windows client and samba server, see here for instruction on tracing: https://wiki.samba.org/index.php/Capture_Packets. Matthieu. -- Matthieu Patou Samba Teamhttp://samba.org Private repo http://git.samba.org/?p=mat/samba.git;a=summary -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 and gpo in win7
On 13/05/2011 13:14, Daniel Müller wrote: Hi, I thought dfs is not working with samba4, " Try to add: host msdfs = yes"???!! Is it or not? My last tries failed. We support just the dfs referral location resolving protocol on samba4 and only for sysvol and netlogon share. Matthieu -- Matthieu Patou Samba Teamhttp://samba.org Private repo http://git.samba.org/?p=mat/samba.git;a=summary -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 and gpo in win7
Hi! Could access sysvol directory per default from xp and win7 machines. Tried adding adding host msdfs = yes in smb.conf. Afterwards non of the clients could access sysvol directory through explorer view. And still no gpo applying for win7 clients. I´m kinda confused. Are gpo suppose to work with samba4 and win7? It works perfect with my win xp clients. - Ursprungligt meddelande - Från: "Daniel Müller" Till: m...@samba.org, samba@lists.samba.org Skickat: fredag, 13 maj 2011 11:14:21 Ämne: Re: [Samba] Samba 4 and gpo in win7 Hi, I thought dfs is not working with samba4, " Try to add: host msdfs = yes"???!! Is it or not? My last tries failed. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Matthieu Patou Gesendet: Freitag, 13. Mai 2011 10:49 An: samba@lists.samba.org Betreff: Re: [Samba] Samba 4 and gpo in win7 On 12/05/2011 11:21, tae...@bredband.net wrote: > > Hello! > > Having an issue with getting gpo to apply for my win7 > clients. > > Running samba4. > > Creating gpo with gpmc and they are created > under var/locks/sysvol/"mydomain"/policies > > They applies just perfect > on win xp clients but when trying on win7 clients they just won´t apply. > > > When runnin gpupdate /force we get this(summary): > > Could not read the > file "path to policy". Possible problems. > > a. Namematch/connection to > dc > > b. Delay in file replication service > > c. dfs client inactive > > > Anyone got any ideas? Try to add: host msdfs = yes in [Global] section. Also try to access your sysvol folder this way \\mydomain.tld\sysvol\mydomain.tld\Policies in windows XP and then in windows 7. Finally you can send us a tcpdump/tshark capture between you windows client and samba server, see here for instruction on tracing: https://wiki.samba.org/index.php/Capture_Packets. Matthieu. -- Matthieu Patou Samba Team http://samba.org Private repo http://git.samba.org/?p=mat/samba.git;a=summary -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 and gpo in win7
On 13 May 2011 13:23, Kalle Pettersson wrote: > Hi! > > Could access sysvol directory per default from xp and win7 machines. > > Tried adding adding host msdfs = yes in smb.conf. > > Afterwards non of the clients could access sysvol directory through explorer > view. First, what path did you try to connect to exactly? Assuming your server is called server.example.com, did you connect to \\SERVER\... or was it \\example.com\...? > And still no gpo applying for win7 clients. > > I´m kinda confused. Are gpo suppose to work with samba4 and win7? > It works perfect with my win xp clients. I think it is supposed to work, but I've not tried it. I'm sure one of the Samba developers will say if it's not supposed to work. Did you try getting a packet capture as requested by Matthieu? -- Michael Wood -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 and gpo in win7
On 13/05/2011 20:34, Michael Wood wrote: On 13 May 2011 13:23, Kalle Pettersson wrote: Hi! Could access sysvol directory per default from xp and win7 machines. Tried adding adding host msdfs = yes in smb.conf. Afterwards non of the clients could access sysvol directory through explorer view. First, what path did you try to connect to exactly? Assuming your server is called server.example.com, did you connect to \\SERVER\... or was it \\example.com\...? you have to try \\domain.tld\ because that's the way client will do. And still no gpo applying for win7 clients. I´m kinda confused. Are gpo suppose to work with samba4 and win7? It works perfect with my win xp clients. I think it is supposed to work, but I've not tried it. I'm sure one of the Samba developers will say if it's not supposed to work. Might be a bug (what a surprise ;-) ) in the dfs referal naming resolution, I really happy to help I just need more information. Like a trace and the fact if you have more than 1 DC. In short if you don't have host msdfs = yes, the client will revert to NT4 authentication when trying to access \\domain.tld\sysvol ... as the client can't do kerberos authentication on a domain SPN. XP is quite ok with this degradation, w7 has some problems some time and tend to do unauthenticated mode which of course fail ! Starting samba in more verbose mode could help too (-d 4 should be good). Matthieu -- Matthieu Patou Samba Teamhttp://samba.org Private repo http://git.samba.org/?p=mat/samba.git;a=summary -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 and gpo in win7
On 14/05/2011 00:22, Matthieu Patou wrote: On 13/05/2011 20:34, Michael Wood wrote: On 13 May 2011 13:23, Kalle Pettersson wrote: Hi! Could access sysvol directory per default from xp and win7 machines. Tried adding adding host msdfs = yes in smb.conf. Afterwards non of the clients could access sysvol directory through explorer view. First, what path did you try to connect to exactly? Assuming your server is called server.example.com, did you connect to \\SERVER\... or was it \\example.com\...? you have to try \\domain.tld\ because that's the way client will do. Ok looks like we had a couple of bugs in the dfs clients most of them because my tests where not enough and when we changed some low level marshalling and unmarshalling of messages well the stuff for dfs has not been updated. I'm planning to push a couple of patches in the next days or so. I just retried my code with windows XP and windows 7 and both are able to access \\domain.tld\sysvol. But for some reason a windows XP workstation that I used since 2 years for development was not happy with my samba server _and_ also with a Windows 2008r2 (so I guess it's more a problem of the client than something else). For those who are asking if samba4 support dfs, the answer is partially. We just support DFS for sysvol and netlogon shares as they don't need too much information in the AD, support for domain DFS shouldn't be very complicated but that's not high in my priority list. Matthieu. -- Matthieu Patou Samba Teamhttp://samba.org Private repo http://git.samba.org/?p=mat/samba.git;a=summary -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 and gpo in win7
Attached a wireshark file with captures during a gpupdate from a win7 client. In fact we have more then one DC. All of the times when trying to access sysvol folder I´v tried through \\"ip-nr"\sysvol and not through \\"domain.com"\sysvol. Through \\"domain.com"\sysvol I cannot access sysvol. Is it must to access it that way? Or is it me that getting this all wrong? - Ursprungligt meddelande - Från: "Matthieu Patou" Till: samba@lists.samba.org Skickat: fredag, 13 maj 2011 22:22:50 Ämne: Re: [Samba] Samba 4 and gpo in win7 On 13/05/2011 20:34, Michael Wood wrote: > On 13 May 2011 13:23, Kalle Pettersson wrote: >> Hi! >> >> Could access sysvol directory per default from xp and win7 machines. >> >> Tried adding adding host msdfs = yes in smb.conf. >> >> Afterwards non of the clients could access sysvol directory through explorer >> view. > First, what path did you try to connect to exactly? Assuming your > server is called server.example.com, did you connect to \\SERVER\... > or was it \\example.com\...? you have to try \\domain.tld\ because that's the way client will do. >> And still no gpo applying for win7 clients. >> >> I´m kinda confused. Are gpo suppose to work with samba4 and win7? >> It works perfect with my win xp clients. > I think it is supposed to work, but I've not tried it. I'm sure one > of the Samba developers will say if it's not supposed to work. Might be a bug (what a surprise ;-) ) in the dfs referal naming resolution, I really happy to help I just need more information. Like a trace and the fact if you have more than 1 DC. In short if you don't have host msdfs = yes, the client will revert to NT4 authentication when trying to access \\domain.tld\sysvol ... as the client can't do kerberos authentication on a domain SPN. XP is quite ok with this degradation, w7 has some problems some time and tend to do unauthenticated mode which of course fail ! Starting samba in more verbose mode could help too (-d 4 should be good). Matthieu -- Matthieu Patou Samba Team http://samba.org Private repo http://git.samba.org/?p=mat/samba.git;a=summary -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 and gpo in win7
On 16/05/2011 12:50, Kalle Pettersson wrote: Attached a wireshark file with captures during a gpupdate from a win7 client. In fact we have more then one DC. All of the times when trying to access sysvol folder I´v tried through \\"ip-nr"\sysvol and not through \\"domain.com"\sysvol. Through \\"domain.com"\sysvol I cannot access sysvol. You seems to have a big problem in your DNS configuration as you are not even doing SMB calls, and looking at DNS problems it's quite clear. You had to fix them before being able to move forward. Matthieu. Is it must to access it that way? Or is it me that getting this all wrong? - Ursprungligt meddelande - Från: "Matthieu Patou" Till: samba@lists.samba.org Skickat: fredag, 13 maj 2011 22:22:50 Ämne: Re: [Samba] Samba 4 and gpo in win7 On 13/05/2011 20:34, Michael Wood wrote: On 13 May 2011 13:23, Kalle Pettersson wrote: Hi! Could access sysvol directory per default from xp and win7 machines. Tried adding adding host msdfs = yes in smb.conf. Afterwards non of the clients could access sysvol directory through explorer view. First, what path did you try to connect to exactly? Assuming your server is called server.example.com, did you connect to \\SERVER\... or was it \\example.com\...? you have to try \\domain.tld\ because that's the way client will do. And still no gpo applying for win7 clients. I´m kinda confused. Are gpo suppose to work with samba4 and win7? It works perfect with my win xp clients. I think it is supposed to work, but I've not tried it. I'm sure one of the Samba developers will say if it's not supposed to work. Might be a bug (what a surprise ;-) ) in the dfs referal naming resolution, I really happy to help I just need more information. Like a trace and the fact if you have more than 1 DC. In short if you don't have host msdfs = yes, the client will revert to NT4 authentication when trying to access \\domain.tld\sysvol ... as the client can't do kerberos authentication on a domain SPN. XP is quite ok with this degradation, w7 has some problems some time and tend to do unauthenticated mode which of course fail ! Starting samba in more verbose mode could help too (-d 4 should be good). Matthieu -- Matthieu Patou Samba Teamhttp://samba.org Private repo http://git.samba.org/?p=mat/samba.git;a=summary -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 and gpo in win7
On 12/05/2011 11:21, tae...@bredband.net wrote: Hello! Having an issue with getting gpo to apply for my win7 clients. Running samba4. Creating gpo with gpmc and they are created under var/locks/sysvol/"mydomain"/policies They applies just perfect on win xp clients but when trying on win7 clients they just won´t apply. When runnin gpupdate /force we get this(summary): So I pushed a few fixes in the Git tree of samba and made a lot of tests about this. First you need: host msdfs = yes in the [global] part of your configuration. Then reboot XP / windows7. Try to access \\domain.tld\sysvol and also navigate inside it. If it works it means that dfs for sysvol is working in most the case it will solve Windows7 problems with fetching the GPO. If not make trace from the samba server and send us for analysis, trace can be done like this: tcpdump -i any host ip_of_the_client -s 16000 -w /tmp/trace.pcap. Matthieu. -- Matthieu Patou Samba Teamhttp://samba.org Private repo http://git.samba.org/?p=mat/samba.git;a=summary -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 and gpo in win7
Hello Kalle, It looks better but according to what I see I think that you didn't update the code of samba4. Did you pull the latest changes ? and then compile and install it ? Matthieu. Hello! Attached a trace file while running gpupdate. Accessing sysvol works through: \\ip\sysvol and \\dc.domain_name\sysvol Doesn´t work through \\domainname\sysvol - Ursprungligt meddelande - Från: "Matthieu Patou" Till: samba@lists.samba.org, "samba-technical" Skickat: torsdag, 19 maj 2011 15:31:34 Ämne: Re: [Samba] Samba 4 and gpo in win7 On 12/05/2011 11:21, tae...@bredband.net wrote: Hello! Having an issue with getting gpo to apply for my win7 clients. Running samba4. Creating gpo with gpmc and they are created under var/locks/sysvol/"mydomain"/policies They applies just perfect on win xp clients but when trying on win7 clients they just won´t apply. When runnin gpupdate /force we get this(summary): So I pushed a few fixes in the Git tree of samba and made a lot of tests about this. First you need: host msdfs = yes in the [global] part of your configuration. Then reboot XP / windows7. Try to access \\domain.tld\sysvol and also navigate inside it. If it works it means that dfs for sysvol is working in most the case it will solve Windows7 problems with fetching the GPO. If not make trace from the samba server and send us for analysis, trace can be done like this: tcpdump -i any host ip_of_the_client -s 16000 -w /tmp/trace.pcap. Matthieu. -- Matthieu Patou Samba Teamhttp://samba.org Private repo http://git.samba.org/?p=mat/samba.git;a=summary -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 and gpo in win7
Hello! Attached a trace file while running gpupdate. Accessing sysvol works through: \\ip\sysvol and \\dc.domain_name\sysvol Doesn´t work through \\domainname\sysvol - Ursprungligt meddelande - Från: "Matthieu Patou" Till: samba@lists.samba.org, "samba-technical" Skickat: torsdag, 19 maj 2011 15:31:34 Ämne: Re: [Samba] Samba 4 and gpo in win7 On 12/05/2011 11:21, tae...@bredband.net wrote: > > Hello! > > Having an issue with getting gpo to apply for my win7 > clients. > > Running samba4. > > Creating gpo with gpmc and they are created > under var/locks/sysvol/"mydomain"/policies > > They applies just perfect > on win xp clients but when trying on win7 clients they just won´t apply. > > > When runnin gpupdate /force we get this(summary): > So I pushed a few fixes in the Git tree of samba and made a lot of tests about this. First you need: host msdfs = yes in the [global] part of your configuration. Then reboot XP / windows7. Try to access \\domain.tld\sysvol and also navigate inside it. If it works it means that dfs for sysvol is working in most the case it will solve Windows7 problems with fetching the GPO. If not make trace from the samba server and send us for analysis, trace can be done like this: tcpdump -i any host ip_of_the_client -s 16000 -w /tmp/trace.pcap. Matthieu. -- Matthieu Patou Samba Team http://samba.org Private repo http://git.samba.org/?p=mat/samba.git;a=summary -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 and gpo in win7
in your example >Accessing sysvol works through: \\ip\sysvol and >\\dc.domain_name\sysvol Ipadres Hostname.domainname_local >Doesn´t work through \\domainname\sysvol ^^ expected here is \\hostname \\domainname is a no go. Louis >-Oorspronkelijk bericht- >Van: ka...@zimbra.inputinterior.se >[mailto:samba-boun...@lists.samba.org] Namens Kalle Pettersson >Verzonden: 2011-05-20 16:51 >Aan: m...@samba.org >CC: samba@lists.samba.org >Onderwerp: Re: [Samba] Samba 4 and gpo in win7 > >Hello! > >Attached a trace file while running gpupdate. > >Accessing sysvol works through: \\ip\sysvol and >\\dc.domain_name\sysvol >Doesn´t work through \\domainname\sysvol > > > > > >- Ursprungligt meddelande - > >Från: "Matthieu Patou" >Till: samba@lists.samba.org, "samba-technical" > >Skickat: torsdag, 19 maj 2011 15:31:34 >Ämne: Re: [Samba] Samba 4 and gpo in win7 > >On 12/05/2011 11:21, tae...@bredband.net wrote: >> >> Hello! >> >> Having an issue with getting gpo to apply for my win7 >> clients. >> >> Running samba4. >> >> Creating gpo with gpmc and they are created >> under var/locks/sysvol/"mydomain"/policies >> >> They applies just perfect >> on win xp clients but when trying on win7 clients they just >won´t apply. >> >> >> When runnin gpupdate /force we get this(summary): >> >So I pushed a few fixes in the Git tree of samba and made a >lot of tests >about this. >First you need: >host msdfs = yes in the [global] part of your configuration. > >Then reboot XP / windows7. > >Try to access \\domain.tld\sysvol and also navigate inside it. >If it works it means that dfs for sysvol is working in most >the case it >will solve Windows7 problems with fetching the GPO. > >If not make trace from the samba server and send us for >analysis, trace >can be done like this: tcpdump -i any host ip_of_the_client -s >16000 -w >/tmp/trace.pcap. > >Matthieu. > > > > >-- >Matthieu Patou >Samba Team http://samba.org >Private repo http://git.samba.org/?p=mat/samba.git;a=summary > > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 and gpo in win7
Hello Louis,
On 03/06/2011 10:57, L.P.H. van Belle wrote:
in your example
Accessing sysvol works through: \\ip\sysvol and>\\dc.domain_name\sysvol
Ipadres
Hostname.domainname_local
Doesn´t work through \\domainname\sysvol
^^
expected here is \\hostname
\\domainname is a no go.
Your email is cryptic at best, what's the sense of your remarks ?
I persists to say that if you have a domain called demo.samba4.corp and
a DC inside called dc1 with IP address 1.2.3.4
The following will work:
* \\1.2.3.4\sysvol
* \\dc1.demo.samba4.corp\sysvol
If you activate the option "host msdfs" in the global section of
smb.conf then the following will work as well:
* \\demo.samba4.corp\sysvol
And that's the way group policy tools (gpmc.msc) stores GPO informations
in the Active Directory Database. Check the example bellow with my
personal domain called home.matws.net.
./bin/ldbsearch -H ~/workspace//samba/homematwsnet/private/sam.ldb -b
"CN=Policies,CN=System,DC=home,DC=matws,DC=net" '(gPCFileSysPath=*)'
gPCFileSysPath
# record 1
dn:
CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=home,DC=matws,DC=net
gPCFileSysPath:
\\home.matws.net\sysvol\home.matws.net\Policies\{6AC1786C-016F
-11D2-945F-00C04FB984F9}
# record 2
dn:
CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=home,DC=matws,DC=net
gPCFileSysPath:
\\home.matws.net\sysvol\home.matws.net\Policies\{31B2F340-016D
-11D2-945F-00C04FB984F9}
# record 3
dn:
CN={D1A937AB-7413-4E0D-ABF1-CBE9A3730C66},CN=Policies,CN=System,DC=home,DC=matws,DC=net
gPCFileSysPath:
\\home.matws.net\SysVol\home.matws.net\Policies\{D1A937AB-7413
-4E0D-ABF1-CBE9A3730C66}
# record 4
dn:
CN={83AC0057-21E3-40E6-97EE-30C1D49498B6},CN=Policies,CN=System,DC=home,DC=matws,DC=net
gPCFileSysPath:
\\home.matws.net\SysVol\home.matws.net\Policies\{83AC0057-21E3
-40E6-97EE-30C1D49498B6}
For those who are interested, windows clients will check if the DC to
which they are connected support DFS, if so client will start a DFS name
resolution protocol to be able to translate \\domainname.tld\sysvol to
\\dcname.domainname.tld\sysvol.
So if the DC support DFS, the client will first send a request to get
all the domain supported by the DC, then client will check if in the
list there is its domain (in a 1 domain forest that's obvious but in a
multidomain forest it can be not so obvious). If so it will ask this DC
for the list of DCs for this domain, the list is sorted by cost so that
the first one are the closest (in the same windows site or in the site
with the smallest connection cost). Client will pick the first DC in the
list and will then ask it for the list of servers that hosts the sysvol
share. The DC will return the list of network path for accessing this
resource.
More details are available to MS-DFSC.pdf.
Matthieu.
Louis
-Oorspronkelijk bericht-
Van: ka...@zimbra.inputinterior.se
[mailto:samba-boun...@lists.samba.org] Namens Kalle Pettersson
Verzonden: 2011-05-20 16:51
Aan: m...@samba.org
CC: samba@lists.samba.org
Onderwerp: Re: [Samba] Samba 4 and gpo in win7
Hello!
Attached a trace file while running gpupdate.
Accessing sysvol works through: \\ip\sysvol and
\\dc.domain_name\sysvol
Doesn´t work through \\domainname\sysvol
- Ursprungligt meddelande -
Från: "Matthieu Patou"
Till: samba@lists.samba.org, "samba-technical"
Skickat: torsdag, 19 maj 2011 15:31:34
Ämne: Re: [Samba] Samba 4 and gpo in win7
On 12/05/2011 11:21, tae...@bredband.net wrote:
Hello!
Having an issue with getting gpo to apply for my win7
clients.
Running samba4.
Creating gpo with gpmc and they are created
under var/locks/sysvol/"mydomain"/policies
They applies just perfect
on win xp clients but when trying on win7 clients they just
won´t apply.
When runnin gpupdate /force we get this(summary):
So I pushed a few fixes in the Git tree of samba and made a
lot of tests
about this.
First you need:
host msdfs = yes in the [global] part of your configuration.
Then reboot XP / windows7.
Try to access \\domain.tld\sysvol and also navigate inside it.
If it works it means that dfs for sysvol is working in most
the case it
will solve Windows7 problems with fetching the GPO.
If not make trace from the samba server and send us for
analysis, trace
can be done like this: tcpdump -i any host ip_of_the_client -s
16000 -w
/tmp/trace.pcap.
Matthieu.
--
Matthieu Patou
Samba Team http://samba.org
Private repo http://git.samba.org/?p=mat/samba.git;a=summary
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the fol
Re: [Samba] Samba 4 and gpo in win7
Hai Mat,
It how the naming is used...
a domain called demo.samba4.corp and a DC inside called dc1 with IP address
1.2.3.4
>The following will work:
>* \\1.2.3.4\sysvol
>* \\dc1.demo.samba4.corp\sysvol
Yes it does, but gain.
in this example the domain is: samba4.corp
the subdomain is : demo
and the host is : dc1
the domainname is not : dc1.demo.samba4.corp
and again : your personal domain called: home.matws.net.
no.. you domain is matws.net with subdomain home.
People get confused if naming isn't correcty used.
Nice how you explained the working of DFS, thats very informational for samba
users.
and yes, i should be clearer by what i ment, sorry for that.
Louis
>-Oorspronkelijk bericht-
>Van: m...@samba.org [mailto:samba-boun...@lists.samba.org]
>Namens Matthieu Patou
>Verzonden: 2011-06-03 09:59
>Aan: samba@lists.samba.org
>Onderwerp: Re: [Samba] Samba 4 and gpo in win7
>
>Hello Louis,
>On 03/06/2011 10:57, L.P.H. van Belle wrote:
>> in your example
>>
>>> Accessing sysvol works through: \\ip\sysvol
>and>\\dc.domain_name\sysvol
>>
>
>> Ipadres
>Hostname.domainname_local
>>
>>> Doesn´t work through \\domainname\sysvol
>> ^^
>> expected here is \\hostname
>> \\domainname is a no go.
>Your email is cryptic at best, what's the sense of your remarks ?
>I persists to say that if you have a domain called
>demo.samba4.corp and
>a DC inside called dc1 with IP address 1.2.3.4
>The following will work:
>* \\1.2.3.4\sysvol
>* \\dc1.demo.samba4.corp\sysvol
>
>If you activate the option "host msdfs" in the global section of
>smb.conf then the following will work as well:
>* \\demo.samba4.corp\sysvol
>
>And that's the way group policy tools (gpmc.msc) stores GPO
>informations
>in the Active Directory Database. Check the example bellow with my
>personal domain called home.matws.net.
>
>
>./bin/ldbsearch -H ~/workspace//samba/homematwsnet/private/sam.ldb -b
>"CN=Policies,CN=System,DC=home,DC=matws,DC=net" '(gPCFileSysPath=*)'
>gPCFileSysPath
># record 1
>dn:
>CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System
>,DC=home,DC=matws,DC=net
>gPCFileSysPath:
>\\home.matws.net\sysvol\home.matws.net\Policies\{6AC1786C-016F
> -11D2-945F-00C04FB984F9}
>
># record 2
>dn:
>CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System
>,DC=home,DC=matws,DC=net
>gPCFileSysPath:
>\\home.matws.net\sysvol\home.matws.net\Policies\{31B2F340-016D
> -11D2-945F-00C04FB984F9}
>
># record 3
>dn:
>CN={D1A937AB-7413-4E0D-ABF1-CBE9A3730C66},CN=Policies,CN=System
>,DC=home,DC=matws,DC=net
>gPCFileSysPath:
>\\home.matws.net\SysVol\home.matws.net\Policies\{D1A937AB-7413
> -4E0D-ABF1-CBE9A3730C66}
>
># record 4
>dn:
>CN={83AC0057-21E3-40E6-97EE-30C1D49498B6},CN=Policies,CN=System
>,DC=home,DC=matws,DC=net
>gPCFileSysPath:
>\\home.matws.net\SysVol\home.matws.net\Policies\{83AC0057-21E3
> -40E6-97EE-30C1D49498B6}
>
>
>For those who are interested, windows clients will check if the DC to
>which they are connected support DFS, if so client will start
>a DFS name
>resolution protocol to be able to translate \\domainname.tld\sysvol to
>\\dcname.domainname.tld\sysvol.
>
>So if the DC support DFS, the client will first send a request to get
>all the domain supported by the DC, then client will check if in the
>list there is its domain (in a 1 domain forest that's obvious but in a
>multidomain forest it can be not so obvious). If so it will
>ask this DC
>for the list of DCs for this domain, the list is sorted by
>cost so that
>the first one are the closest (in the same windows site or in the site
>with the smallest connection cost). Client will pick the first
>DC in the
>list and will then ask it for the list of servers that hosts
>the sysvol
>share. The DC will return the list of network path for accessing this
>resource.
>
>
>More details are available to MS-DFSC.pdf.
>
>Matthieu.
>
>
>> Louis
>>
>>> -Oorspronkelijk bericht-
>>> Van: ka...@zimbra.inputinterior.se
>>> [mailto:samba-boun...@lists.samba.org] Namens Kalle Pettersson
>>> Verzonden: 2011-05-20 16:51
>>> Aan: m...@samba.org
>>> CC: samba@lists.samba.org
>>> Onderwerp: Re: [Samba] Samba 4 and gpo in win7
>>>
>>> Hello!
>>>
>>> Attached a trace file while running gpupdate.
>>>
>
Re: [Samba] Samba 4 and gpo in win7
On 03/06/2011 12:10, L.P.H. van Belle wrote: Hai Mat, It how the naming is used... a domain called demo.samba4.corp and a DC inside called dc1 with IP address 1.2.3.4 The following will work: * \\1.2.3.4\sysvol * \\dc1.demo.samba4.corp\sysvol Yes it does, but gain. in this example the domain is: samba4.corp the subdomain is : demo and the host is : dc1 No you're wrong, you can decide the demo.samba4.corp is your Active Domain Name, no matter if it's related to domain or a subdomain name. If you provision samba4 with demo.samba4.corp it will be the root of your naming contexts. the domainname is not : dc1.demo.samba4.corp and again : your personal domain called: home.matws.net. no.. you domain is matws.net with subdomain home. People get confused if naming isn't correcty used. Same remarks. -- Matthieu Patou Samba Teamhttp://samba.org Private repo http://git.samba.org/?p=mat/samba.git;a=summary -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 and gpo in win7
Yes, right again..but.. Now your talking about Active Directory naming. an AD Name is not a Domain Name. 2 differtent things. Yes, they can have the same name, thats wat it makes confusing for some people. Anyway we need to be clearer, ( including me ) :-), its good for the samba list. I think if poeple want to learn, read this: http://support.microsoft.com/kb/909264 Louis >-Oorspronkelijk bericht- >Van: m...@samba.org [mailto:samba-boun...@lists.samba.org] >Namens Matthieu Patou >Verzonden: 2011-06-03 11:55 >Aan: samba@lists.samba.org >Onderwerp: Re: [Samba] Samba 4 and gpo in win7 > >On 03/06/2011 12:10, L.P.H. van Belle wrote: >> Hai Mat, >> >> It how the naming is used... >> >> a domain called demo.samba4.corp and a DC inside called dc1 >with IP address 1.2.3.4 >>> The following will work: >>> * \\1.2.3.4\sysvol >>> * \\dc1.demo.samba4.corp\sysvol >> Yes it does, but gain. >> >> in this example the domain is: samba4.corp >> the subdomain is : demo >> and the host is : dc1 >No you're wrong, you can decide the demo.samba4.corp is your Active >Domain Name, no matter if it's related to domain or a subdomain name. > >If you provision samba4 with demo.samba4.corp it will be the root of >your naming contexts. > >> the domainname is not : dc1.demo.samba4.corp >> and again : your personal domain called: home.matws.net. >> no.. you domain is matws.net with subdomain home. >> >> People get confused if naming isn't correcty used. >Same remarks. > > >-- >Matthieu Patou >Samba Teamhttp://samba.org >Private repo http://git.samba.org/?p=mat/samba.git;a=summary > > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
