Re: [Samba] Samba 4 and gpo in win7

Fri, 03 Jun 2011 00:59:31 -0700 

Hello Louis,
On 03/06/2011 10:57, L.P.H. van Belle wrote:

in your example


Accessing sysvol works through: \\ip\sysvol and>\\dc.domain_name\sysvol

                                        ^^^^^^^^                  
^^^^^^^^^^^^^^^^
                                        Ipadres           
Hostname.domainname_local


Doesn´t work through \\domainname\sysvol

                        ^^^^^^^^^^^^^^
                        expected here is \\hostname
                        \\domainname is a no go.

Your email is cryptic at best, what's the sense of your remarks ?
I persists to say that if you have a domain called demo.samba4.corp and a DC inside called dc1 with IP address 1.2.3.4 
The following will work:
* \\1.2.3.4\sysvol
* \\dc1.demo.samba4.corp\sysvol
If you activate the option "host msdfs" in the global section of smb.conf then the following will work as well: 
* \\demo.samba4.corp\sysvol
And that's the way group policy tools (gpmc.msc) stores GPO informations in the Active Directory Database. Check the example bellow with my personal domain called home.matws.net.
./bin/ldbsearch -H ~/workspace//samba/homematwsnet/private/sam.ldb -b "CN=Policies,CN=System,DC=home,DC=matws,DC=net" '(gPCFileSysPath=*)' gPCFileSysPath 
# record 1
dn: CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=home,DC=matws,DC=net gPCFileSysPath: \\home.matws.net\sysvol\home.matws.net\Policies\{6AC1786C-016F 
 -11D2-945F-00C04FB984F9}

# record 2
dn: CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=home,DC=matws,DC=net gPCFileSysPath: \\home.matws.net\sysvol\home.matws.net\Policies\{31B2F340-016D 
 -11D2-945F-00C04FB984F9}

# record 3
dn: CN={D1A937AB-7413-4E0D-ABF1-CBE9A3730C66},CN=Policies,CN=System,DC=home,DC=matws,DC=net gPCFileSysPath: \\home.matws.net\SysVol\home.matws.net\Policies\{D1A937AB-7413 
 -4E0D-ABF1-CBE9A3730C66}

# record 4
dn: CN={83AC0057-21E3-40E6-97EE-30C1D49498B6},CN=Policies,CN=System,DC=home,DC=matws,DC=net gPCFileSysPath: \\home.matws.net\SysVol\home.matws.net\Policies\{83AC0057-21E3 
 -40E6-97EE-30C1D49498B6}
For those who are interested, windows clients will check if the DC to which they are connected support DFS, if so client will start a DFS name resolution protocol to be able to translate \\domainname.tld\sysvol to \\dcname.domainname.tld\sysvol.
So if the DC support DFS, the client will first send a request to get all the domain supported by the DC, then client will check if in the list there is its domain (in a 1 domain forest that's obvious but in a multidomain forest it can be not so obvious). If so it will ask this DC for the list of DCs for this domain, the list is sorted by cost so that the first one are the closest (in the same windows site or in the site with the smallest connection cost). Client will pick the first DC in the list and will then ask it for the list of servers that hosts the sysvol share. The DC will return the list of network path for accessing this resource. 


More details are available to MS-DFSC.pdf.

Matthieu.



Louis


-----Oorspronkelijk bericht-----
Van: ka...@zimbra.inputinterior.se
[mailto:samba-boun...@lists.samba.org] Namens Kalle Pettersson
Verzonden: 2011-05-20 16:51
Aan: m...@samba.org
CC: samba@lists.samba.org
Onderwerp: Re: [Samba] Samba 4 and gpo in win7

Hello!

Attached a trace file while running gpupdate.

Accessing sysvol works through: \\ip\sysvol and
\\dc.domain_name\sysvol
Doesn´t work through \\domainname\sysvol





----- Ursprungligt meddelande -----

Från: "Matthieu Patou"<m...@samba.org>
Till: samba@lists.samba.org, "samba-technical"
<samba-techni...@lists.samba.org>
Skickat: torsdag, 19 maj 2011 15:31:34
Ämne: Re: [Samba] Samba 4 and gpo in win7

On 12/05/2011 11:21, tae...@bredband.net wrote:

Hello!

Having an issue with getting gpo to apply for my win7
clients.

Running samba4.

Creating gpo with gpmc and they are created
under var/locks/sysvol/"mydomain"/policies

They applies just perfect
on win xp clients but when trying on win7 clients they just

won´t apply.


When runnin gpupdate /force we get this(summary):


So I pushed a few fixes in the Git tree of samba and made a
lot of tests
about this.
First you need:
host msdfs = yes in the [global] part of your configuration.

Then reboot XP / windows7.

Try to access \\domain.tld\sysvol and also navigate inside it.
If it works it means that dfs for sysvol is working in most
the case it
will solve Windows7 problems with fetching the GPO.

If not make trace from the samba server and send us for
analysis, trace
can be done like this: tcpdump -i any host ip_of_the_client -s
16000 -w
/tmp/trace.pcap.

Matthieu.




--
Matthieu Patou
Samba Team http://samba.org
Private repo http://git.samba.org/?p=mat/samba.git;a=summary


--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba




--
Matthieu Patou
Samba Team        http://samba.org
Private repo      http://git.samba.org/?p=mat/samba.git;a=summary


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Reply via email to