[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
SRU information missing from the description
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/2024377
Title:
Adsys can't fetch GPOs
Status in adsys package in Ubuntu:
Fix Released
Bug description:
Bad, maybe no understandable english ahead.
Can't find anything related to this on Github, Canonical Forums,
Reddit or StackOverflow.
On Ubuntu 22.04, I've followed the Wiki tutorial and verified all
steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD
backend, I can log with Active Directory users however when adsys is
installed I can't fetch GPOs. In this version the error is:
ERROR Error from server: error while updating policy: can't get
policies for "ubuntu": can't download all gpos and assets: one or more
error while fetching GPOs and assets: can't download "ubuntuRoot":
can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot
open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
It happens when using "adsysctl update -m" or "adsysctl update
usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just
"adsysctl update" too.
I've upgrade the machine to 22.10 and the error changed to:
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER').
After upgrade to 23.04 the error persist same as the above.
Full info 22.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
We will only use the defaults, env variables or flags.
DEBUG Connecting as [[2504:109556]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
DEBUG GPO "ubuntuRoot" for "ubuntu" available at
"smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}"
DEBUG Analyzing "assets"
DEBUG Analyzing "ubuntuRoot"
INFO No assets directory with GPT.INI file found on AD, skipping assets
download
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": can't download all gpos and assets: one or more error while fetching
GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs
refreshing: no GPT.INI file: cannot open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
Full info 23.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
DEBUG Connecting as [[58811:006019]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER')
Additional info:
Domain Controller and machine are on the same subnet without firewall on any
level;
Domain Controller is a Windows Server 2019 updated to the last security
version;
Both machine and user are on the same OU with "no heritage" enabled and just
one policy added to permit usern...@domain.com.br to become root;
The info header directory is "/home/jzprates" on both logs because I've
collected them using the local account using "sudo adsysctl update -m -";
If I disable Adsys login on pam-auth-update, Ubuntu creates a homedir and
enter correctly with domain users.
ProblemType: Bug
DistroRelease: Ubuntu 23.04
Package: adsys 0.11.0
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
ALL, I am also interested in this. Have the same problems. sssd
install worked and Active Directory user login to Ubuntu 22.04.06 LTS
fine. But then adsys broke it and had to disable with pam-auth-update.
We would like to be able to use the extended GPOs from adsys. Wondering
about when it might be released.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/2024377
Title:
Adsys can't fetch GPOs
Status in adsys package in Ubuntu:
Fix Released
Bug description:
Bad, maybe no understandable english ahead.
Can't find anything related to this on Github, Canonical Forums,
Reddit or StackOverflow.
On Ubuntu 22.04, I've followed the Wiki tutorial and verified all
steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD
backend, I can log with Active Directory users however when adsys is
installed I can't fetch GPOs. In this version the error is:
ERROR Error from server: error while updating policy: can't get
policies for "ubuntu": can't download all gpos and assets: one or more
error while fetching GPOs and assets: can't download "ubuntuRoot":
can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot
open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
It happens when using "adsysctl update -m" or "adsysctl update
usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just
"adsysctl update" too.
I've upgrade the machine to 22.10 and the error changed to:
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER').
After upgrade to 23.04 the error persist same as the above.
Full info 22.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
We will only use the defaults, env variables or flags.
DEBUG Connecting as [[2504:109556]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
DEBUG GPO "ubuntuRoot" for "ubuntu" available at
"smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}"
DEBUG Analyzing "assets"
DEBUG Analyzing "ubuntuRoot"
INFO No assets directory with GPT.INI file found on AD, skipping assets
download
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": can't download all gpos and assets: one or more error while fetching
GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs
refreshing: no GPT.INI file: cannot open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
Full info 23.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
DEBUG Connecting as [[58811:006019]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER')
Additional info:
Domain Controller and machine are on the same subnet without firewall on any
level;
Domain Controller is a Windows Server 2019 updated to the last security
version;
Both machine and user are on the same OU with "no heritage" enabled and just
one policy added to permit usern...@domain.com.br to become root;
The info header directory is "/home/jzprates" on both logs because I've
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
Do we have any updates on the backporting timeline to 22.04 ?
Thanks!
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/2024377
Title:
Adsys can't fetch GPOs
Status in adsys package in Ubuntu:
Fix Released
Bug description:
Bad, maybe no understandable english ahead.
Can't find anything related to this on Github, Canonical Forums,
Reddit or StackOverflow.
On Ubuntu 22.04, I've followed the Wiki tutorial and verified all
steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD
backend, I can log with Active Directory users however when adsys is
installed I can't fetch GPOs. In this version the error is:
ERROR Error from server: error while updating policy: can't get
policies for "ubuntu": can't download all gpos and assets: one or more
error while fetching GPOs and assets: can't download "ubuntuRoot":
can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot
open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
It happens when using "adsysctl update -m" or "adsysctl update
usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just
"adsysctl update" too.
I've upgrade the machine to 22.10 and the error changed to:
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER').
After upgrade to 23.04 the error persist same as the above.
Full info 22.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
We will only use the defaults, env variables or flags.
DEBUG Connecting as [[2504:109556]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
DEBUG GPO "ubuntuRoot" for "ubuntu" available at
"smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}"
DEBUG Analyzing "assets"
DEBUG Analyzing "ubuntuRoot"
INFO No assets directory with GPT.INI file found on AD, skipping assets
download
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": can't download all gpos and assets: one or more error while fetching
GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs
refreshing: no GPT.INI file: cannot open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
Full info 23.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
DEBUG Connecting as [[58811:006019]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER')
Additional info:
Domain Controller and machine are on the same subnet without firewall on any
level;
Domain Controller is a Windows Server 2019 updated to the last security
version;
Both machine and user are on the same OU with "no heritage" enabled and just
one policy added to permit usern...@domain.com.br to become root;
The info header directory is "/home/jzprates" on both logs because I've
collected them using the local account using "sudo adsysctl update -m -";
If I disable Adsys login on pam-auth-update, Ubuntu creates a homedir and
enter correctly with domain users.
ProblemType: Bug
DistroRelease: Ubuntu 23.04
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
Do we have any updates on this backing backported ?
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/2024377
Title:
Adsys can't fetch GPOs
Status in adsys package in Ubuntu:
Fix Released
Bug description:
Bad, maybe no understandable english ahead.
Can't find anything related to this on Github, Canonical Forums,
Reddit or StackOverflow.
On Ubuntu 22.04, I've followed the Wiki tutorial and verified all
steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD
backend, I can log with Active Directory users however when adsys is
installed I can't fetch GPOs. In this version the error is:
ERROR Error from server: error while updating policy: can't get
policies for "ubuntu": can't download all gpos and assets: one or more
error while fetching GPOs and assets: can't download "ubuntuRoot":
can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot
open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
It happens when using "adsysctl update -m" or "adsysctl update
usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just
"adsysctl update" too.
I've upgrade the machine to 22.10 and the error changed to:
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER').
After upgrade to 23.04 the error persist same as the above.
Full info 22.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
We will only use the defaults, env variables or flags.
DEBUG Connecting as [[2504:109556]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
DEBUG GPO "ubuntuRoot" for "ubuntu" available at
"smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}"
DEBUG Analyzing "assets"
DEBUG Analyzing "ubuntuRoot"
INFO No assets directory with GPT.INI file found on AD, skipping assets
download
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": can't download all gpos and assets: one or more error while fetching
GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs
refreshing: no GPT.INI file: cannot open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
Full info 23.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
DEBUG Connecting as [[58811:006019]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER')
Additional info:
Domain Controller and machine are on the same subnet without firewall on any
level;
Domain Controller is a Windows Server 2019 updated to the last security
version;
Both machine and user are on the same OU with "no heritage" enabled and just
one policy added to permit usern...@domain.com.br to become root;
The info header directory is "/home/jzprates" on both logs because I've
collected them using the local account using "sudo adsysctl update -m -";
If I disable Adsys login on pam-auth-update, Ubuntu creates a homedir and
enter correctly with domain users.
ProblemType: Bug
DistroRelease: Ubuntu 23.04
Package: adsys 0.11.0
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
Hi all, is there any update on the fix being backported to 22.04? I'm
also having this issue and am locked into 22.04.
Thanks!
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/2024377
Title:
Adsys can't fetch GPOs
Status in adsys package in Ubuntu:
Fix Released
Bug description:
Bad, maybe no understandable english ahead.
Can't find anything related to this on Github, Canonical Forums,
Reddit or StackOverflow.
On Ubuntu 22.04, I've followed the Wiki tutorial and verified all
steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD
backend, I can log with Active Directory users however when adsys is
installed I can't fetch GPOs. In this version the error is:
ERROR Error from server: error while updating policy: can't get
policies for "ubuntu": can't download all gpos and assets: one or more
error while fetching GPOs and assets: can't download "ubuntuRoot":
can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot
open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
It happens when using "adsysctl update -m" or "adsysctl update
usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just
"adsysctl update" too.
I've upgrade the machine to 22.10 and the error changed to:
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER').
After upgrade to 23.04 the error persist same as the above.
Full info 22.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
We will only use the defaults, env variables or flags.
DEBUG Connecting as [[2504:109556]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
DEBUG GPO "ubuntuRoot" for "ubuntu" available at
"smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}"
DEBUG Analyzing "assets"
DEBUG Analyzing "ubuntuRoot"
INFO No assets directory with GPT.INI file found on AD, skipping assets
download
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": can't download all gpos and assets: one or more error while fetching
GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs
refreshing: no GPT.INI file: cannot open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
Full info 23.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
DEBUG Connecting as [[58811:006019]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER')
Additional info:
Domain Controller and machine are on the same subnet without firewall on any
level;
Domain Controller is a Windows Server 2019 updated to the last security
version;
Both machine and user are on the same OU with "no heritage" enabled and just
one policy added to permit usern...@domain.com.br to become root;
The info header directory is "/home/jzprates" on both logs because I've
collected them using the local account using "sudo adsysctl update -m -";
If I disable Adsys login on pam-auth-update, Ubuntu creates a homedir and
enter correctly with domain
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
Yes, it is going to be fixed. We are currently in the process of
backporting 0.13.2 with the latest fixes and features from noble to
22.04.
Sorry for the time it is taking.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/2024377
Title:
Adsys can't fetch GPOs
Status in adsys package in Ubuntu:
Fix Released
Bug description:
Bad, maybe no understandable english ahead.
Can't find anything related to this on Github, Canonical Forums,
Reddit or StackOverflow.
On Ubuntu 22.04, I've followed the Wiki tutorial and verified all
steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD
backend, I can log with Active Directory users however when adsys is
installed I can't fetch GPOs. In this version the error is:
ERROR Error from server: error while updating policy: can't get
policies for "ubuntu": can't download all gpos and assets: one or more
error while fetching GPOs and assets: can't download "ubuntuRoot":
can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot
open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
It happens when using "adsysctl update -m" or "adsysctl update
usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just
"adsysctl update" too.
I've upgrade the machine to 22.10 and the error changed to:
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER').
After upgrade to 23.04 the error persist same as the above.
Full info 22.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
We will only use the defaults, env variables or flags.
DEBUG Connecting as [[2504:109556]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
DEBUG GPO "ubuntuRoot" for "ubuntu" available at
"smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}"
DEBUG Analyzing "assets"
DEBUG Analyzing "ubuntuRoot"
INFO No assets directory with GPT.INI file found on AD, skipping assets
download
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": can't download all gpos and assets: one or more error while fetching
GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs
refreshing: no GPT.INI file: cannot open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
Full info 23.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
DEBUG Connecting as [[58811:006019]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER')
Additional info:
Domain Controller and machine are on the same subnet without firewall on any
level;
Domain Controller is a Windows Server 2019 updated to the last security
version;
Both machine and user are on the same OU with "no heritage" enabled and just
one policy added to permit usern...@domain.com.br to become root;
The info header directory is "/home/jzprates" on both logs because I've
collected them using the local account using "sudo adsysctl update -m -";
If I disable Adsys login on pam-auth-update, Ubuntu creates a
Re: [Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
Is this going to also be fixed in Jammy Jellyfish where it was actually
reported? It does no good to fix in Noble when I'm bound to 22.04
On Wed, Nov 22, 2023, 7:15 PM Launchpad Bug Tracker <
2024...@bugs.launchpad.net> wrote:
> This bug was fixed in the package adsys - 0.13.2
>
> ---
> adsys (0.13.2) noble; urgency=medium
>
> [ Denison Barbosa ]
> [ Didier Roche ]
> [ Gabriel Nagy ]
> [ Jean-Baptiste Lallement ]
> * Ensure GPO URLs contain the FQDN of the domain controller (LP:
> #2024377)
> * Add runtime dependency on nfs-common (LP: #2044112)
> * Documentation changes:
> - Switch to Read the Docs for project documentation
> - Generate documentation from policy definitions
> - Fix installation path of adwatchd
> * CI and quality of life changes not impacting package functionality:
> - Bump go version to 1.21.4
> - Fix docker stop behavior on integration tests
> - Add e2e tests provisioning workflow
> - Reduce the amount of workflows to be run
> - Remove scopes from dependabot config
> * Update dependencies to latest:
> - github.com/charmbracelet/lipgloss
> - github.com/fatih/color
> - github.com/fsnotify/fsnotify
> - github.com/golangci/golangci-lint
> - github.com/google/uuid
> - github.com/maruel/natural
> - github.com/pkg/sftp
> - github.com/spf13/cobra
> - github.com/spf13/viper
> - golang.org/x/crypto
> - golang.org/x/net
> - golang.org/x/sync
> - golang.org/x/sys
> - golang.org/x/text
> - google.golang.org/grpc
>
> -- Gabriel Nagy Tue, 21 Nov 2023 12:53:10
> +0200
>
> ** Changed in: adsys (Ubuntu)
>Status: Triaged => Fix Released
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/2024377
>
> Title:
> Adsys can't fetch GPOs
>
> Status in adsys package in Ubuntu:
> Fix Released
>
> Bug description:
> Bad, maybe no understandable english ahead.
>
> Can't find anything related to this on Github, Canonical Forums,
> Reddit or StackOverflow.
>
> On Ubuntu 22.04, I've followed the Wiki tutorial and verified all
> steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD
> backend, I can log with Active Directory users however when adsys is
> installed I can't fetch GPOs. In this version the error is:
>
> ERROR Error from server: error while updating policy: can't get
> policies for "ubuntu": can't download all gpos and assets: one or more
> error while fetching GPOs and assets: can't download "ubuntuRoot":
> can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot
> open
> smb://
> addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI
>
> :
> invalid argument
>
> It happens when using "adsysctl update -m" or "adsysctl update
> usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just
> "adsysctl update" too.
>
> I've upgrade the machine to 22.10 and the error changed to:
>
> ERROR Error from server: error while updating policy: can't get policies
> for "ubuntu": failed to retrieve the list of GPO (exited with 1): exit
> status 1
> Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
> Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap':
> LDAP client internal error: NT_STATUS_INVALID_PARAMETER
> Failed to open session: (1, 'LDAP client internal error:
> NT_STATUS_INVALID_PARAMETER').
>
> After upgrade to 23.04 the error persist same as the above.
>
> Full info 22.04 (- verbose):
>
> INFO No configuration file: Config File "adsys" Not Found in
> "[/home/jzprates /root /etc /usr/sbin]".
> We will only use the defaults, env variables or flags.
> DEBUG Connecting as [[2504:109556]]
> DEBUG New request /service/UpdatePolicy
> DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
> ubuntu, Krb5Cc:
> DEBUG NormalizeTargetName for "ubuntu", type "computer"
> DEBUG Check if grpc request peer is authorized
> DEBUG Authorized as being administrator
> DEBUG GetPolicies for "ubuntu", type "computer"
> DEBUG Getting gpo list with arguments: "--objectclass computer ldap://
> addc01.domain.com.br ubuntu"
> DEBUG GPO "ubuntuRoot" for "ubuntu" available at "smb://
> addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}
>
> "
> DEBUG Analyzing "assets"
> DEBUG Analyzing "ubuntuRoot"
> INFO No assets directory with GPT.INI file found on AD, skipping assets
> download
> ERROR Error from server: error while updating policy: can't get policies
> for "ubuntu": can't download all gpos and assets: one or more error while
> fetching GPOs and assets: can't download
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
This bug was fixed in the package adsys - 0.13.2
---
adsys (0.13.2) noble; urgency=medium
[ Denison Barbosa ]
[ Didier Roche ]
[ Gabriel Nagy ]
[ Jean-Baptiste Lallement ]
* Ensure GPO URLs contain the FQDN of the domain controller (LP: #2024377)
* Add runtime dependency on nfs-common (LP: #2044112)
* Documentation changes:
- Switch to Read the Docs for project documentation
- Generate documentation from policy definitions
- Fix installation path of adwatchd
* CI and quality of life changes not impacting package functionality:
- Bump go version to 1.21.4
- Fix docker stop behavior on integration tests
- Add e2e tests provisioning workflow
- Reduce the amount of workflows to be run
- Remove scopes from dependabot config
* Update dependencies to latest:
- github.com/charmbracelet/lipgloss
- github.com/fatih/color
- github.com/fsnotify/fsnotify
- github.com/golangci/golangci-lint
- github.com/google/uuid
- github.com/maruel/natural
- github.com/pkg/sftp
- github.com/spf13/cobra
- github.com/spf13/viper
- golang.org/x/crypto
- golang.org/x/net
- golang.org/x/sync
- golang.org/x/sys
- golang.org/x/text
- google.golang.org/grpc
-- Gabriel Nagy Tue, 21 Nov 2023 12:53:10
+0200
** Changed in: adsys (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/2024377
Title:
Adsys can't fetch GPOs
Status in adsys package in Ubuntu:
Fix Released
Bug description:
Bad, maybe no understandable english ahead.
Can't find anything related to this on Github, Canonical Forums,
Reddit or StackOverflow.
On Ubuntu 22.04, I've followed the Wiki tutorial and verified all
steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD
backend, I can log with Active Directory users however when adsys is
installed I can't fetch GPOs. In this version the error is:
ERROR Error from server: error while updating policy: can't get
policies for "ubuntu": can't download all gpos and assets: one or more
error while fetching GPOs and assets: can't download "ubuntuRoot":
can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot
open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
It happens when using "adsysctl update -m" or "adsysctl update
usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just
"adsysctl update" too.
I've upgrade the machine to 22.10 and the error changed to:
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER').
After upgrade to 23.04 the error persist same as the above.
Full info 22.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
We will only use the defaults, env variables or flags.
DEBUG Connecting as [[2504:109556]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
DEBUG GPO "ubuntuRoot" for "ubuntu" available at
"smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}"
DEBUG Analyzing "assets"
DEBUG Analyzing "ubuntuRoot"
INFO No assets directory with GPT.INI file found on AD, skipping assets
download
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": can't download all gpos and assets: one or more error while fetching
GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs
refreshing: no GPT.INI file: cannot open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
Full info 23.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
DEBUG Connecting as [[58811:006019]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
I think you can move forward with the fix!
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/2024377
Title:
Adsys can't fetch GPOs
Status in adsys package in Ubuntu:
Triaged
Bug description:
Bad, maybe no understandable english ahead.
Can't find anything related to this on Github, Canonical Forums,
Reddit or StackOverflow.
On Ubuntu 22.04, I've followed the Wiki tutorial and verified all
steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD
backend, I can log with Active Directory users however when adsys is
installed I can't fetch GPOs. In this version the error is:
ERROR Error from server: error while updating policy: can't get
policies for "ubuntu": can't download all gpos and assets: one or more
error while fetching GPOs and assets: can't download "ubuntuRoot":
can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot
open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
It happens when using "adsysctl update -m" or "adsysctl update
usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just
"adsysctl update" too.
I've upgrade the machine to 22.10 and the error changed to:
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER').
After upgrade to 23.04 the error persist same as the above.
Full info 22.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
We will only use the defaults, env variables or flags.
DEBUG Connecting as [[2504:109556]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
DEBUG GPO "ubuntuRoot" for "ubuntu" available at
"smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}"
DEBUG Analyzing "assets"
DEBUG Analyzing "ubuntuRoot"
INFO No assets directory with GPT.INI file found on AD, skipping assets
download
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": can't download all gpos and assets: one or more error while fetching
GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs
refreshing: no GPT.INI file: cannot open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
Full info 23.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
DEBUG Connecting as [[58811:006019]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER')
Additional info:
Domain Controller and machine are on the same subnet without firewall on any
level;
Domain Controller is a Windows Server 2019 updated to the last security
version;
Both machine and user are on the same OU with "no heritage" enabled and just
one policy added to permit usern...@domain.com.br to become root;
The info header directory is "/home/jzprates" on both logs because I've
collected them using the local account using "sudo adsysctl update -m -";
If I disable Adsys login on pam-auth-update, Ubuntu creates a homedir and
enter correctly with domain users.
ProblemType: Bug
DistroRelease: Ubuntu 23.04
Package: adsys 0.11.0
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
** Changed in: adsys (Ubuntu)
Status: Confirmed => Triaged
** Changed in: adsys (Ubuntu)
Importance: Undecided => High
** Changed in: adsys (Ubuntu)
Assignee: (unassigned) => Gabriel Nagy (gabuscus)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/2024377
Title:
Adsys can't fetch GPOs
Status in adsys package in Ubuntu:
Triaged
Bug description:
Bad, maybe no understandable english ahead.
Can't find anything related to this on Github, Canonical Forums,
Reddit or StackOverflow.
On Ubuntu 22.04, I've followed the Wiki tutorial and verified all
steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD
backend, I can log with Active Directory users however when adsys is
installed I can't fetch GPOs. In this version the error is:
ERROR Error from server: error while updating policy: can't get
policies for "ubuntu": can't download all gpos and assets: one or more
error while fetching GPOs and assets: can't download "ubuntuRoot":
can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot
open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
It happens when using "adsysctl update -m" or "adsysctl update
usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just
"adsysctl update" too.
I've upgrade the machine to 22.10 and the error changed to:
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER').
After upgrade to 23.04 the error persist same as the above.
Full info 22.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
We will only use the defaults, env variables or flags.
DEBUG Connecting as [[2504:109556]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
DEBUG GPO "ubuntuRoot" for "ubuntu" available at
"smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}"
DEBUG Analyzing "assets"
DEBUG Analyzing "ubuntuRoot"
INFO No assets directory with GPT.INI file found on AD, skipping assets
download
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": can't download all gpos and assets: one or more error while fetching
GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs
refreshing: no GPT.INI file: cannot open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
Full info 23.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
DEBUG Connecting as [[58811:006019]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER')
Additional info:
Domain Controller and machine are on the same subnet without firewall on any
level;
Domain Controller is a Windows Server 2019 updated to the last security
version;
Both machine and user are on the same OU with "no heritage" enabled and just
one policy added to permit usern...@domain.com.br to become root;
The info header directory is "/home/jzprates" on both logs because I've
collected them using the local account using "sudo adsysctl update -m -";
If I disable Adsys login
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
This looks alright to me, GPOs are fetched and applied. Are you
experiencing any other issues? If not I'll move forward with the fix
from the PPA.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/2024377
Title:
Adsys can't fetch GPOs
Status in adsys package in Ubuntu:
Confirmed
Bug description:
Bad, maybe no understandable english ahead.
Can't find anything related to this on Github, Canonical Forums,
Reddit or StackOverflow.
On Ubuntu 22.04, I've followed the Wiki tutorial and verified all
steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD
backend, I can log with Active Directory users however when adsys is
installed I can't fetch GPOs. In this version the error is:
ERROR Error from server: error while updating policy: can't get
policies for "ubuntu": can't download all gpos and assets: one or more
error while fetching GPOs and assets: can't download "ubuntuRoot":
can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot
open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
It happens when using "adsysctl update -m" or "adsysctl update
usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just
"adsysctl update" too.
I've upgrade the machine to 22.10 and the error changed to:
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER').
After upgrade to 23.04 the error persist same as the above.
Full info 22.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
We will only use the defaults, env variables or flags.
DEBUG Connecting as [[2504:109556]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
DEBUG GPO "ubuntuRoot" for "ubuntu" available at
"smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}"
DEBUG Analyzing "assets"
DEBUG Analyzing "ubuntuRoot"
INFO No assets directory with GPT.INI file found on AD, skipping assets
download
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": can't download all gpos and assets: one or more error while fetching
GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs
refreshing: no GPT.INI file: cannot open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
Full info 23.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
DEBUG Connecting as [[58811:006019]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER')
Additional info:
Domain Controller and machine are on the same subnet without firewall on any
level;
Domain Controller is a Windows Server 2019 updated to the last security
version;
Both machine and user are on the same OU with "no heritage" enabled and just
one policy added to permit usern...@domain.com.br to become root;
The info header directory is "/home/jzprates" on both logs because I've
collected them using the local account using "sudo adsysctl update -m -";
If I disable Adsys login on pam-auth-update, Ubuntu creates a homedir and
enter correctly
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
I think we are getting closer.
** Attachment added: "adsys_log.txt"
https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2024377/+attachment/5711740/+files/adsys_log.txt
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/2024377
Title:
Adsys can't fetch GPOs
Status in adsys package in Ubuntu:
Confirmed
Bug description:
Bad, maybe no understandable english ahead.
Can't find anything related to this on Github, Canonical Forums,
Reddit or StackOverflow.
On Ubuntu 22.04, I've followed the Wiki tutorial and verified all
steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD
backend, I can log with Active Directory users however when adsys is
installed I can't fetch GPOs. In this version the error is:
ERROR Error from server: error while updating policy: can't get
policies for "ubuntu": can't download all gpos and assets: one or more
error while fetching GPOs and assets: can't download "ubuntuRoot":
can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot
open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
It happens when using "adsysctl update -m" or "adsysctl update
usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just
"adsysctl update" too.
I've upgrade the machine to 22.10 and the error changed to:
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER').
After upgrade to 23.04 the error persist same as the above.
Full info 22.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
We will only use the defaults, env variables or flags.
DEBUG Connecting as [[2504:109556]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
DEBUG GPO "ubuntuRoot" for "ubuntu" available at
"smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}"
DEBUG Analyzing "assets"
DEBUG Analyzing "ubuntuRoot"
INFO No assets directory with GPT.INI file found on AD, skipping assets
download
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": can't download all gpos and assets: one or more error while fetching
GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs
refreshing: no GPT.INI file: cannot open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
Full info 23.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
DEBUG Connecting as [[58811:006019]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER')
Additional info:
Domain Controller and machine are on the same subnet without firewall on any
level;
Domain Controller is a Windows Server 2019 updated to the last security
version;
Both machine and user are on the same OU with "no heritage" enabled and just
one policy added to permit usern...@domain.com.br to become root;
The info header directory is "/home/jzprates" on both logs because I've
collected them using the local account using "sudo adsysctl update -m -";
If I disable Adsys login on pam-auth-update, Ubuntu creates a
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
Hey,
Unfortunately with Samba logs there's a lot of noise to filter out. I
compared one of your runs with my (successful) run and I noticed
something interesting.
We do a LDAP search to get the list of GPOs using the domain controller
exposed by SSSD via D-Bus. For you the DC is autoselected as
"n060adkhdc121". The list of GPOs is a list of URLs reported as
"smb://domain.com/SysVol/domain.com/Policies..." which doesn't contain
the DC name, only the domain name.
When we download the GPOs, libsmbclient will try to resolve a DC from
the domain, in your case it appears there are a lot of DCs advertised
(looking at the "Connecting to ... at port ..." prints). For some
reason, the DC selected by libsmbclient is "N060ADKAZ103" instead of the
DC reported by SSSD. Hence we end up with this error:
SPNEGO login failed: {Access Denied} A process has requested access to
an object but has not been granted those access rights.
I've pushed another build to the PPA mentioned above, where the GPO URLs
are rewritten to contain the hostname of the DC in addition to the
domain which will bypass the autoselect/discovery logic of libsmbclient
and reuse the server exposed by SSSD when downloading the GPO data. You
can install the package using the same steps from my previous comment.
Please let me know if it works for you.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/2024377
Title:
Adsys can't fetch GPOs
Status in adsys package in Ubuntu:
Confirmed
Bug description:
Bad, maybe no understandable english ahead.
Can't find anything related to this on Github, Canonical Forums,
Reddit or StackOverflow.
On Ubuntu 22.04, I've followed the Wiki tutorial and verified all
steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD
backend, I can log with Active Directory users however when adsys is
installed I can't fetch GPOs. In this version the error is:
ERROR Error from server: error while updating policy: can't get
policies for "ubuntu": can't download all gpos and assets: one or more
error while fetching GPOs and assets: can't download "ubuntuRoot":
can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot
open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
It happens when using "adsysctl update -m" or "adsysctl update
usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just
"adsysctl update" too.
I've upgrade the machine to 22.10 and the error changed to:
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER').
After upgrade to 23.04 the error persist same as the above.
Full info 22.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
We will only use the defaults, env variables or flags.
DEBUG Connecting as [[2504:109556]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
DEBUG GPO "ubuntuRoot" for "ubuntu" available at
"smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}"
DEBUG Analyzing "assets"
DEBUG Analyzing "ubuntuRoot"
INFO No assets directory with GPT.INI file found on AD, skipping assets
download
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": can't download all gpos and assets: one or more error while fetching
GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs
refreshing: no GPT.INI file: cannot open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
Full info 23.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
DEBUG Connecting as [[58811:006019]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
See attached. I think I see a problem in there with Kerberos and going
through some settings as there are no files being generated here
`/var/run/adsys/krb5cc/$(hostname)`
Domain controllers run WS2016
** Attachment added: "adsys_log.txt"
https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2024377/+attachment/5710280/+files/adsys_log.txt
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/2024377
Title:
Adsys can't fetch GPOs
Status in adsys package in Ubuntu:
Confirmed
Bug description:
Bad, maybe no understandable english ahead.
Can't find anything related to this on Github, Canonical Forums,
Reddit or StackOverflow.
On Ubuntu 22.04, I've followed the Wiki tutorial and verified all
steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD
backend, I can log with Active Directory users however when adsys is
installed I can't fetch GPOs. In this version the error is:
ERROR Error from server: error while updating policy: can't get
policies for "ubuntu": can't download all gpos and assets: one or more
error while fetching GPOs and assets: can't download "ubuntuRoot":
can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot
open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
It happens when using "adsysctl update -m" or "adsysctl update
usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just
"adsysctl update" too.
I've upgrade the machine to 22.10 and the error changed to:
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER').
After upgrade to 23.04 the error persist same as the above.
Full info 22.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
We will only use the defaults, env variables or flags.
DEBUG Connecting as [[2504:109556]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
DEBUG GPO "ubuntuRoot" for "ubuntu" available at
"smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}"
DEBUG Analyzing "assets"
DEBUG Analyzing "ubuntuRoot"
INFO No assets directory with GPT.INI file found on AD, skipping assets
download
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": can't download all gpos and assets: one or more error while fetching
GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs
refreshing: no GPT.INI file: cannot open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
Full info 23.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
DEBUG Connecting as [[58811:006019]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER')
Additional info:
Domain Controller and machine are on the same subnet without firewall on any
level;
Domain Controller is a Windows Server 2019 updated to the last security
version;
Both machine and user are on the same OU with "no heritage" enabled and just
one policy added to permit usern...@domain.com.br to become root;
The info header directory is "/home/jzprates"
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
Hi,
I've prepared a version of adsys with debug logs enabled for
libsmbclient, this way we can pinpoint exactly what causes the
libsmbclient call inside adsys to fail.
You can install the package using the following commands:
sudo add-apt-repository ppa:gabuscus/adsys-smbclient-debug
sudo apt update
sudo apt install -y adsys
After this, please run adsys once, then dump the journalctl logs to a
file and attach it here (remember to redact any sensitive information):
sudo adsysctl update -m -vv
sudo journalctl -u adsysd -S yesterday > adsys_log.txt
Hopefully this will get us closer to the root of the issue. Also, could
you please tell me what Windows Server version you are running?
Thanks!
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/2024377
Title:
Adsys can't fetch GPOs
Status in adsys package in Ubuntu:
Confirmed
Bug description:
Bad, maybe no understandable english ahead.
Can't find anything related to this on Github, Canonical Forums,
Reddit or StackOverflow.
On Ubuntu 22.04, I've followed the Wiki tutorial and verified all
steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD
backend, I can log with Active Directory users however when adsys is
installed I can't fetch GPOs. In this version the error is:
ERROR Error from server: error while updating policy: can't get
policies for "ubuntu": can't download all gpos and assets: one or more
error while fetching GPOs and assets: can't download "ubuntuRoot":
can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot
open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
It happens when using "adsysctl update -m" or "adsysctl update
usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just
"adsysctl update" too.
I've upgrade the machine to 22.10 and the error changed to:
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER').
After upgrade to 23.04 the error persist same as the above.
Full info 22.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
We will only use the defaults, env variables or flags.
DEBUG Connecting as [[2504:109556]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
DEBUG GPO "ubuntuRoot" for "ubuntu" available at
"smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}"
DEBUG Analyzing "assets"
DEBUG Analyzing "ubuntuRoot"
INFO No assets directory with GPT.INI file found on AD, skipping assets
download
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": can't download all gpos and assets: one or more error while fetching
GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs
refreshing: no GPT.INI file: cannot open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
Full info 23.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
DEBUG Connecting as [[58811:006019]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER')
Additional info:
Domain
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
regularuser@LCXVDU22NPE4030:~$ apt list --installed | grep adsys
WARNING: apt does not have a stable CLI interface. Use with caution in
scripts.
adsys/jammy-updates,now 0.9.2~22.04.2 amd64 [installed]
regularuser@LCXVDU22NPE4030:~$ apt list --installed | grep libsmbclient
WARNING: apt does not have a stable CLI interface. Use with caution in
scripts.
libsmbclient/jammy-security,now 2:4.15.13+dfsg-0ubuntu1.5 amd64
[installed,automatic]
regularuser@LCXVDU22NPE4030:~$ sudo adsysctl update -m -vvv
INFO github.com/ubuntu/adsys/internal/config/config.go:78 Init() Using
configuration file: /etc/adsys.yaml
DEBUG Connecting as [[4492:009622]]
DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:27
StreamServerInterceptor.func1() New request /service/UpdatePolicy
DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:60
loggedServerStream.RecvMsg() Requesting with parameters: IsComputer: true, All:
false, Target: LCXVDU22NPE4030, Krb5Cc:
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:571 (*AD).NormalizeTargetName()
NormalizeTargetName for "LCXVDU22NPE4030", type "computer"
DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:111
Authorizer.IsAllowedFromContext() Check if grpc request peer is authorized
DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:150
Authorizer.isAllowed() Authorized as being administrator
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:225 (*AD).GetPolicies()
GetPolicies for "LCXVDU22NPE4030", type "computer"
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:293 (*AD).GetPolicies() Getting
gpo list with arguments: "--objectclass computer
ldap://n060adkhdc121.domain.com LCXVDU22NPE4030"
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:315 (*AD).GetPolicies() GPO
"00cEntCTX-Ubuntu-Edge" for "LCXVDU22NPE4030" available at
"smb://domain.com/SysVol/domain.com/Policies/{F7E97A8D-7DB1-4571-956A-005D1658DC35}"
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:315 (*AD).GetPolicies() GPO
"00cEntCtx-Ubuntu-Test" for "LCXVDU22NPE4030" available at
"smb://domain.com/SysVol/domain.com/Policies/{5B925A10-9572-4FB8-B9A0-DB2DFF9EF34B}"
DEBUG github.com/ubuntu/adsys/internal/ad/download.go:113 (*AD).fetch.func2()
Analyzing "00cEntCtx-Ubuntu-Test"
DEBUG github.com/ubuntu/adsys/internal/ad/download.go:113 (*AD).fetch.func2()
Analyzing "00cEntCTX-Ubuntu-Edge"
DEBUG github.com/ubuntu/adsys/internal/ad/download.go:113 (*AD).fetch.func2()
Analyzing "assets"
INFO github.com/ubuntu/adsys/internal/ad/download.go:124 (*AD).fetch.func2() No
assets directory with GPT.INI file found on AD, skipping assets download
ERRORgithub.com/ubuntu/adsys/cmd/adsysd/main.go:50 main.run() Error from
server: error while updating policy: can't get policies for "LCXVDU22NPE4030":
can't download all gpos and assets: one or more error while fetching GPOs and
assets: can't download "00cEntCtx-Ubuntu-Test": can't check if
00cEntCtx-Ubuntu-Test needs refreshing: no GPT.INI file: cannot open
smb://domain.com/SysVol/domain.com/Policies/{5B925A10-9572-4FB8-B9A0-DB2DFF9EF34B}/GPT.INI:
invalid argument
Let me know if you want any additional information or want me to try
anything. These are VMs so I can spin them back up quickly if I brick
one.
I can do a cifs mount to the GPT.INI file and open it just fine but
Adsys and Smbclient will fail out trying to hit those directly. I did
notice smbclient works when using the -D flagsmbclient
//example.com/sysvol -D "example.com/policies/{policy}" Without that
flag (smbclient //example.com/sysvol/example.com/policies/{policy}) it
comes back with tree connect failed: NT_STATUS_BAD_NETWORK_NAME Case
matching doesn't seem to make a difference for me. I thought it was a
client side configuration problem and have been tinkering with SMB.conf
but I had not gotten anywhere.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/2024377
Title:
Adsys can't fetch GPOs
Status in adsys package in Ubuntu:
Confirmed
Bug description:
Bad, maybe no understandable english ahead.
Can't find anything related to this on Github, Canonical Forums,
Reddit or StackOverflow.
On Ubuntu 22.04, I've followed the Wiki tutorial and verified all
steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD
backend, I can log with Active Directory users however when adsys is
installed I can't fetch GPOs. In this version the error is:
ERROR Error from server: error while updating policy: can't get
policies for "ubuntu": can't download all gpos and assets: one or more
error while fetching GPOs and assets: can't download "ubuntuRoot":
can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot
open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
Interesting - so we are able to get the list of GPOs, _and_ smbclient is
able to print the contents of the GPT.INI file, but adsys still fails.
At this point I'm out of ideas, I would suggest the following:
- upgrade the system to make sure you are running the latest available versions
of adsys (0.9.2~22.04.2) and libsmbclient (2:4.15.13+dfsg-0ubuntu1.5) for your
OS version
- confirm
- paste the output of running `sudo adsysctl update -m -vv` again
I noticed you're not the originator of the ticket and you haven't yet
shared actual logs of running adsysctl - so this would be helpful in our
investigation.
Thanks!
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/2024377
Title:
Adsys can't fetch GPOs
Status in adsys package in Ubuntu:
Confirmed
Bug description:
Bad, maybe no understandable english ahead.
Can't find anything related to this on Github, Canonical Forums,
Reddit or StackOverflow.
On Ubuntu 22.04, I've followed the Wiki tutorial and verified all
steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD
backend, I can log with Active Directory users however when adsys is
installed I can't fetch GPOs. In this version the error is:
ERROR Error from server: error while updating policy: can't get
policies for "ubuntu": can't download all gpos and assets: one or more
error while fetching GPOs and assets: can't download "ubuntuRoot":
can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot
open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
It happens when using "adsysctl update -m" or "adsysctl update
usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just
"adsysctl update" too.
I've upgrade the machine to 22.10 and the error changed to:
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER').
After upgrade to 23.04 the error persist same as the above.
Full info 22.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
We will only use the defaults, env variables or flags.
DEBUG Connecting as [[2504:109556]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
DEBUG GPO "ubuntuRoot" for "ubuntu" available at
"smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}"
DEBUG Analyzing "assets"
DEBUG Analyzing "ubuntuRoot"
INFO No assets directory with GPT.INI file found on AD, skipping assets
download
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": can't download all gpos and assets: one or more error while fetching
GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs
refreshing: no GPT.INI file: cannot open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
Full info 23.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
DEBUG Connecting as [[58811:006019]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER')
Additional info:
Domain Controller and machine are on the same subnet without firewall on any
level;
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
root@LCXVDU22NPE4030:~# export KRB5CCNAME=/var/run/adsys/krb5cc/LCXVDU22NPE4030
adsysctl policy debug gpolist-script
chmod +x adsys-gpolist
./adsys-gpolist --objectclass computer ldap://N060ADKCDC109.domain.com
LCXVDU22NPE4030
00cEntCTX-Ubuntu-Edge
smb://domain.com/SysVol/domain.com/Policies/{F7E97A8D-7DB1-4571-956A-005D1658DC35}
00cEntCtx-Ubuntu-Test
smb://domain.com/SysVol/domain.com/Policies/{5B925A10-9572-4FB8-B9A0-DB2DFF9EF34B}
root@LCXVDU22NPE4030:~# smbclient --option='log level=10'
//N060ADKCDC109.domain.com/SYSVOL/ -k -c 'get
domain.com/Policies/{5B925A10-9572-4FB8-B9A0-DB2DFF9EF34B}/GPT.INI /dev/fd/1' |
cat
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
tevent: 10
auth_audit: 10
auth_json_audit: 10
kerberos: 10
drs_repl: 10
smb2: 10
smb2_credits: 10
dsdb_audit: 10
dsdb_json_audit: 10
dsdb_password_audit: 10
dsdb_password_json_audit: 10
dsdb_transaction_audit: 10
dsdb_transaction_json_audit: 10
dsdb_group_audit: 10
dsdb_group_json_audit: 10
WARNING: The option -k|--kerberos is deprecated!
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
tevent: 10
auth_audit: 10
auth_json_audit: 10
kerberos: 10
drs_repl: 10
smb2: 10
smb2_credits: 10
dsdb_audit: 10
dsdb_json_audit: 10
dsdb_password_audit: 10
dsdb_password_json_audit: 10
dsdb_transaction_audit: 10
dsdb_transaction_json_audit: 10
dsdb_group_audit: 10
dsdb_group_json_audit: 10
Processing section "[global]"
doing parameter workgroup = domain
doing parameter security = ADS
doing parameter realm = domain.COM
doing parameter encrypt passwords = yes
lpcfg_do_global_parameter: WARNING: The "encrypt passwords" option is deprecated
doing parameter idmap config *:range = 16777216-33554431
doing parameter winbind use default domain = yes
doing parameter kerberos method = secrets and keytab
doing parameter winbind refresh tickets = yes
doing parameter template shell = /bin/bash
pm_process() returned Yes
lp_servicenumber: couldn't find homes
added interface eth0 ip=10.34.204.247 bcast=10.34.207.255 netmask=255.255.252.0
Client started (version 4.15.13-Ubuntu).
Opening cache file at /run/samba/gencache.tdb
sitename_fetch: Returning sitename for realm 'domain.COM': "703-XX001"
internal_resolve_name: looking up N060ADKCDC109.domain.com#20 (sitename
703-XX001)
namecache_fetch: name N060ADKCDC109.domain.com#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
Connecting to 10.254.163.93 at port 445
convert_string_handle: E2BIG: convert_string(UTF-8,CP850): srclen=25 destlen=16
error: No more room
Connecting to 10.254.163.93 at port 139
socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=0, TCP_NODELAY=1,
TCP_KEEPCNT=9, TCP_KEEPIDLE=7200, TCP_KEEPINTVL=75, IPTOS_LOWDELAY=0,
IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=87040, SO_RCVBUF=131072,
SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0, TCP_QUICKACK=1,
TCP_DEFER_ACCEPT=0, TCP_USER_TIMEOUT=0
session request ok
negotiated dialect[SMB3_11] against server[N060ADKCDC109.domain.com]
cli_session_setup_spnego_send: Connect to N060ADKCDC109.domain.com as
LCXVDU22NPE4030$@domain.COM using SPNEGO
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
gensec_update_send: gse_krb5[0x55f4ae1acd70]: subreq: 0x55f4ae1909a0
gensec_update_send: spnego[0x55f4ae1a6030]: subreq: 0x55f4ae1ab820
gensec_update_done: gse_krb5[0x55f4ae1acd70]:
NT_STATUS_MORE_PROCESSING_REQUIRED
tevent_req[0x55f4ae1909a0/../../source3/librpc/crypto/gse.c:848]: state[2]
error[0 (0x0)] state[struct gensec_gse_update_state (0x55f4ae190b60)]
timer[(nil)] finish[../../source3/librpc/crypto/gse.c:859]
gensec_update_done: spnego[0x55f4ae1a6030]: NT_STATUS_MORE_PROCESSING_REQUIRED
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
Thanks for getting back. Noticing a couple of things about your pasted output:
- Did you run the first set of commands in a root session? This is necessary
because the user needs to be able to read the
`/var/run/adsys/krb5cc/$(hostname)` file. You can confirm this by trying to
`cat` the file - it shouldn't give you a Permission denied error.
- The export command looks a bit wrong, we need
`KRB5CCNAME=/var/run/adsys/krb5cc/$(hostname)` since `hostname` is a
shell command. You can confirm that the variable is set correctly by
running klist (provided by the krb5-user package). See an example below:
root@jammy-337515ec:~# export KRB5CCNAME=/var/run/adsys/krb5cc/jammy-337515ec
root@jammy-337515ec:~# klist
Ticket cache: FILE:/var/run/adsys/krb5cc/jammy-337515ec
Default principal: JAMMY-337515EC$@DOMAIN.COM
- You ran `smbclient` with sudo - unfortunately sudo does not preserve
environment variables which is why the KRB5CCNAME value defaults to
`FILE:/tmp/krb5cc_0` (as seen from the second command logs). This is why
I suggested running everything as root. Or, pass the -E flag to sudo in
order to preserve environment variables.
If there's no file at `/var/run/adsys/krb5cc/$(hostname)`, please run `adsysctl
update -m` as root and it should be created (even if the command fails).
Thanks for your patience, and let me know how this goes
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/2024377
Title:
Adsys can't fetch GPOs
Status in adsys package in Ubuntu:
Confirmed
Bug description:
Bad, maybe no understandable english ahead.
Can't find anything related to this on Github, Canonical Forums,
Reddit or StackOverflow.
On Ubuntu 22.04, I've followed the Wiki tutorial and verified all
steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD
backend, I can log with Active Directory users however when adsys is
installed I can't fetch GPOs. In this version the error is:
ERROR Error from server: error while updating policy: can't get
policies for "ubuntu": can't download all gpos and assets: one or more
error while fetching GPOs and assets: can't download "ubuntuRoot":
can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot
open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
It happens when using "adsysctl update -m" or "adsysctl update
usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just
"adsysctl update" too.
I've upgrade the machine to 22.10 and the error changed to:
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER').
After upgrade to 23.04 the error persist same as the above.
Full info 22.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
We will only use the defaults, env variables or flags.
DEBUG Connecting as [[2504:109556]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
DEBUG GPO "ubuntuRoot" for "ubuntu" available at
"smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}"
DEBUG Analyzing "assets"
DEBUG Analyzing "ubuntuRoot"
INFO No assets directory with GPT.INI file found on AD, skipping assets
download
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": can't download all gpos and assets: one or more error while fetching
GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs
refreshing: no GPT.INI file: cannot open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
Full info 23.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
DEBUG Connecting as [[58811:006019]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
export KRB5CCNAME=/var/run/adsys/krb5cc/$hostname
adsysctl policy debug gpolist-script
chmod +x adsys-gpolist
./adsys-gpolist --objectclass computer ldap://domaincontroller.domain.com
DEBUG Connecting as [[12227:085002]]
DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:27
StreamServerInterceptor.func1() New request /service/GPOListScript
DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:60
loggedServerStream.RecvMsg() Requesting with parameters:
DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:111
Authorizer.IsAllowedFromContext() Check if grpc request peer is authorized
DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:153
Authorizer.isAllowed() Any user always authorized
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://domaincontroller.domain.com' with backend 'ldap':
LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER')
sudo smbclient --option='log level=10' //Domaincontroller.domain.com/SYSVOL/ -k
-c 'get
Domaincontroller.domain.com/Policies/{5B925A10-9572-4FB8-B9A0-DB2DFF9EF34B}/GPT.INI
/dev/fd/1' | cat
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
tevent: 10
auth_audit: 10
auth_json_audit: 10
kerberos: 10
drs_repl: 10
smb2: 10
smb2_credits: 10
dsdb_audit: 10
dsdb_json_audit: 10
dsdb_password_audit: 10
dsdb_password_json_audit: 10
dsdb_transaction_audit: 10
dsdb_transaction_json_audit: 10
dsdb_group_audit: 10
dsdb_group_json_audit: 10
WARNING: The option -k|--kerberos is deprecated!
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
tevent: 10
auth_audit: 10
auth_json_audit: 10
kerberos: 10
drs_repl: 10
smb2: 10
smb2_credits: 10
dsdb_audit: 10
dsdb_json_audit: 10
dsdb_password_audit: 10
dsdb_password_json_audit: 10
dsdb_transaction_audit: 10
dsdb_transaction_json_audit: 10
dsdb_group_audit: 10
dsdb_group_json_audit: 10
Processing section "[global]"
doing parameter workgroup = domain
doing parameter security = ADS
doing parameter realm = domain.COM
doing parameter encrypt passwords = yes
lpcfg_do_global_parameter: WARNING: The "encrypt passwords" option is deprecated
doing parameter idmap config *:range = 16777216-33554431
doing parameter winbind use default domain = yes
doing parameter kerberos method = secrets and keytab
doing parameter winbind refresh tickets = yes
doing parameter template shell = /bin/bash
pm_process() returned Yes
lp_servicenumber: couldn't find homes
added interface eth0 ip=I.P.204.83 bcast=I.P.207.255 netmask=255.255.252.0
Client started (version 4.15.13-Ubuntu).
Opening cache file at /run/samba/gencache.tdb
sitename_fetch: Returning sitename for realm 'domain.COM': "703-XX001"
internal_resolve_name: looking up Domaincontroller.domain.com#20 (sitename
703-XX001)
gencache_set_data_blob: Adding cache entry with
key=[NBT/Domaincontroller.domain.COM#20] and timeout=[Wed Dec 31 19:00:00 1969
EST] (-1696431102 seconds in the past)
namecache_fetch: no entry for Domaincontroller.domain.com#20 found.
resolve_hosts: Attempting host lookup for name Domaincontroller.domain.com<0x20>
remove_duplicate_addrs2: looking for duplicate address/port pairs
namecache_store: storing 1 address for Domaincontroller.domain.com#20:
I.P.163.93
gencache_set_data_blob: Adding cache entry with
key=[NBT/Domaincontroller.domain.COM#20] and timeout=[Wed Oct 4 11:02:42 2023
EDT] (660 seconds ahead)
internal_resolve_name: returning 1 addresses: I.P.163.93
Connecting to I.P.163.93 at port 445
convert_string_handle: E2BIG: convert_string(UTF-8,CP850): srclen=25 destlen=16
error: No more room
Connecting to I.P.163.93 at port 139
socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=0, TCP_NODELAY=1,
TCP_KEEPCNT=9, TCP_KEEPIDLE=7200, TCP_KEEPINTVL=75, IPTOS_LOWDELAY=0,
IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=87040, SO_RCVBUF=131072,
SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0, TCP_QUICKACK=1,
TCP_DEFER_ACCEPT=0, TCP_USER_TIMEOUT=0
session request ok
negotiated dialect[SMB3_11] against server[Domaincontroller.domain.com]
cli_session_setup_spnego_send: Connect to Domaincontroller.domain.com as
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
Thanks for reaching back. Unfortunately we haven't been able to
reproduce this issue and we suspect it's somehow related to the Windows
environment or libsmbclient itself.
Could you try the following?
In a root console, execute the following:
export KRB5CCNAME=/var/run/adsys/krb5cc/$(hostname)
adsysctl policy debug gpolist-script
chmod +x adsys-gpolist
./adsys-gpolist --objectclass computer ldap:// $(hostname)
smbclient --option='log level=10' ///SYSVOL/ -k -c 'get
/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI /dev/fd/1' |
cat
You might need to install the smbclient package as well if it's not
already installed.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/2024377
Title:
Adsys can't fetch GPOs
Status in adsys package in Ubuntu:
Confirmed
Bug description:
Bad, maybe no understandable english ahead.
Can't find anything related to this on Github, Canonical Forums,
Reddit or StackOverflow.
On Ubuntu 22.04, I've followed the Wiki tutorial and verified all
steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD
backend, I can log with Active Directory users however when adsys is
installed I can't fetch GPOs. In this version the error is:
ERROR Error from server: error while updating policy: can't get
policies for "ubuntu": can't download all gpos and assets: one or more
error while fetching GPOs and assets: can't download "ubuntuRoot":
can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot
open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
It happens when using "adsysctl update -m" or "adsysctl update
usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just
"adsysctl update" too.
I've upgrade the machine to 22.10 and the error changed to:
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER').
After upgrade to 23.04 the error persist same as the above.
Full info 22.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
We will only use the defaults, env variables or flags.
DEBUG Connecting as [[2504:109556]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
DEBUG GPO "ubuntuRoot" for "ubuntu" available at
"smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}"
DEBUG Analyzing "assets"
DEBUG Analyzing "ubuntuRoot"
INFO No assets directory with GPT.INI file found on AD, skipping assets
download
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": can't download all gpos and assets: one or more error while fetching
GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs
refreshing: no GPT.INI file: cannot open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
Full info 23.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
DEBUG Connecting as [[58811:006019]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER')
Additional info:
Domain Controller and machine are on the same subnet without firewall
Re: [Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
Libsmbclient version 2:4.15.13+dfsg-0ubuntu1.3
On Wed, Sep 13, 2023, 9:51 AM Gabriel Nagy <2024...@bugs.launchpad.net>
wrote:
> Hello,
>
> The issues described for 22.10 and 23.04 were fixed by
> https://github.com/ubuntu/adsys/pull/699 and are available since adsys
> v0.12.0. However this is only available in Mantic which is not yet
> released.
>
> For the "invalid argument" issue encountered in 22.04, could you confirm
> the version of the installed libsmbclient library in 22.04?
>
> Thanks
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/2024377
>
> Title:
> Adsys can't fetch GPOs
>
> Status in adsys package in Ubuntu:
> Confirmed
>
> Bug description:
> Bad, maybe no understandable english ahead.
>
> Can't find anything related to this on Github, Canonical Forums,
> Reddit or StackOverflow.
>
> On Ubuntu 22.04, I've followed the Wiki tutorial and verified all
> steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD
> backend, I can log with Active Directory users however when adsys is
> installed I can't fetch GPOs. In this version the error is:
>
> ERROR Error from server: error while updating policy: can't get
> policies for "ubuntu": can't download all gpos and assets: one or more
> error while fetching GPOs and assets: can't download "ubuntuRoot":
> can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot
> open
> smb://
> addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI
>
> :
> invalid argument
>
> It happens when using "adsysctl update -m" or "adsysctl update
> usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just
> "adsysctl update" too.
>
> I've upgrade the machine to 22.10 and the error changed to:
>
> ERROR Error from server: error while updating policy: can't get policies
> for "ubuntu": failed to retrieve the list of GPO (exited with 1): exit
> status 1
> Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
> Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap':
> LDAP client internal error: NT_STATUS_INVALID_PARAMETER
> Failed to open session: (1, 'LDAP client internal error:
> NT_STATUS_INVALID_PARAMETER').
>
> After upgrade to 23.04 the error persist same as the above.
>
> Full info 22.04 (- verbose):
>
> INFO No configuration file: Config File "adsys" Not Found in
> "[/home/jzprates /root /etc /usr/sbin]".
> We will only use the defaults, env variables or flags.
> DEBUG Connecting as [[2504:109556]]
> DEBUG New request /service/UpdatePolicy
> DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
> ubuntu, Krb5Cc:
> DEBUG NormalizeTargetName for "ubuntu", type "computer"
> DEBUG Check if grpc request peer is authorized
> DEBUG Authorized as being administrator
> DEBUG GetPolicies for "ubuntu", type "computer"
> DEBUG Getting gpo list with arguments: "--objectclass computer ldap://
> addc01.domain.com.br ubuntu"
> DEBUG GPO "ubuntuRoot" for "ubuntu" available at "smb://
> addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}
>
> "
> DEBUG Analyzing "assets"
> DEBUG Analyzing "ubuntuRoot"
> INFO No assets directory with GPT.INI file found on AD, skipping assets
> download
> ERROR Error from server: error while updating policy: can't get policies
> for "ubuntu": can't download all gpos and assets: one or more error while
> fetching GPOs and assets: can't download "ubuntuRoot": can't check if
> ubuntuRoot needs refreshing: no GPT.INI file: cannot open smb://
> addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI
> :
> invalid argument
>
> Full info 23.04 (- verbose):
>
> INFO No configuration file: Config File "adsys" Not Found in
> "[/home/jzprates /root /etc /usr/sbin]".
> DEBUG Connecting as [[58811:006019]]
> DEBUG New request /service/UpdatePolicy
> DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
> ubuntu, Krb5Cc:
> DEBUG NormalizeTargetName for "ubuntu", type "computer"
> DEBUG Check if grpc request peer is authorized
> DEBUG Authorized as being administrator
> DEBUG GetPolicies for "ubuntu", type "computer"
> DEBUG Getting gpo list with arguments: "--objectclass computer ldap://
> addc01.domain.com.br ubuntu"
> ERROR Error from server: error while updating policy: can't get policies
> for "ubuntu": failed to retrieve the list of GPO (exited with 1): exit
> status 1
> Failed to bind - LDAP client internal error:
Re: [Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
I am on LOA for work until 9/18. I'll check when I return to work that day
and follow up with you.
On Wed, Sep 13, 2023, 9:51 AM Gabriel Nagy <2024...@bugs.launchpad.net>
wrote:
> Hello,
>
> The issues described for 22.10 and 23.04 were fixed by
> https://github.com/ubuntu/adsys/pull/699 and are available since adsys
> v0.12.0. However this is only available in Mantic which is not yet
> released.
>
> For the "invalid argument" issue encountered in 22.04, could you confirm
> the version of the installed libsmbclient library in 22.04?
>
> Thanks
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/2024377
>
> Title:
> Adsys can't fetch GPOs
>
> Status in adsys package in Ubuntu:
> Confirmed
>
> Bug description:
> Bad, maybe no understandable english ahead.
>
> Can't find anything related to this on Github, Canonical Forums,
> Reddit or StackOverflow.
>
> On Ubuntu 22.04, I've followed the Wiki tutorial and verified all
> steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD
> backend, I can log with Active Directory users however when adsys is
> installed I can't fetch GPOs. In this version the error is:
>
> ERROR Error from server: error while updating policy: can't get
> policies for "ubuntu": can't download all gpos and assets: one or more
> error while fetching GPOs and assets: can't download "ubuntuRoot":
> can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot
> open
> smb://
> addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI
>
> :
> invalid argument
>
> It happens when using "adsysctl update -m" or "adsysctl update
> usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just
> "adsysctl update" too.
>
> I've upgrade the machine to 22.10 and the error changed to:
>
> ERROR Error from server: error while updating policy: can't get policies
> for "ubuntu": failed to retrieve the list of GPO (exited with 1): exit
> status 1
> Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
> Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap':
> LDAP client internal error: NT_STATUS_INVALID_PARAMETER
> Failed to open session: (1, 'LDAP client internal error:
> NT_STATUS_INVALID_PARAMETER').
>
> After upgrade to 23.04 the error persist same as the above.
>
> Full info 22.04 (- verbose):
>
> INFO No configuration file: Config File "adsys" Not Found in
> "[/home/jzprates /root /etc /usr/sbin]".
> We will only use the defaults, env variables or flags.
> DEBUG Connecting as [[2504:109556]]
> DEBUG New request /service/UpdatePolicy
> DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
> ubuntu, Krb5Cc:
> DEBUG NormalizeTargetName for "ubuntu", type "computer"
> DEBUG Check if grpc request peer is authorized
> DEBUG Authorized as being administrator
> DEBUG GetPolicies for "ubuntu", type "computer"
> DEBUG Getting gpo list with arguments: "--objectclass computer ldap://
> addc01.domain.com.br ubuntu"
> DEBUG GPO "ubuntuRoot" for "ubuntu" available at "smb://
> addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}
>
> "
> DEBUG Analyzing "assets"
> DEBUG Analyzing "ubuntuRoot"
> INFO No assets directory with GPT.INI file found on AD, skipping assets
> download
> ERROR Error from server: error while updating policy: can't get policies
> for "ubuntu": can't download all gpos and assets: one or more error while
> fetching GPOs and assets: can't download "ubuntuRoot": can't check if
> ubuntuRoot needs refreshing: no GPT.INI file: cannot open smb://
> addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI
> :
> invalid argument
>
> Full info 23.04 (- verbose):
>
> INFO No configuration file: Config File "adsys" Not Found in
> "[/home/jzprates /root /etc /usr/sbin]".
> DEBUG Connecting as [[58811:006019]]
> DEBUG New request /service/UpdatePolicy
> DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
> ubuntu, Krb5Cc:
> DEBUG NormalizeTargetName for "ubuntu", type "computer"
> DEBUG Check if grpc request peer is authorized
> DEBUG Authorized as being administrator
> DEBUG GetPolicies for "ubuntu", type "computer"
> DEBUG Getting gpo list with arguments: "--objectclass computer ldap://
> addc01.domain.com.br ubuntu"
> ERROR Error from server: error while updating policy: can't get policies
> for "ubuntu": failed to retrieve the list of GPO (exited with 1): exit
> status 1
> Failed to bind -
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
Hello,
The issues described for 22.10 and 23.04 were fixed by
https://github.com/ubuntu/adsys/pull/699 and are available since adsys
v0.12.0. However this is only available in Mantic which is not yet
released.
For the "invalid argument" issue encountered in 22.04, could you confirm
the version of the installed libsmbclient library in 22.04?
Thanks
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/2024377
Title:
Adsys can't fetch GPOs
Status in adsys package in Ubuntu:
Confirmed
Bug description:
Bad, maybe no understandable english ahead.
Can't find anything related to this on Github, Canonical Forums,
Reddit or StackOverflow.
On Ubuntu 22.04, I've followed the Wiki tutorial and verified all
steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD
backend, I can log with Active Directory users however when adsys is
installed I can't fetch GPOs. In this version the error is:
ERROR Error from server: error while updating policy: can't get
policies for "ubuntu": can't download all gpos and assets: one or more
error while fetching GPOs and assets: can't download "ubuntuRoot":
can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot
open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
It happens when using "adsysctl update -m" or "adsysctl update
usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just
"adsysctl update" too.
I've upgrade the machine to 22.10 and the error changed to:
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER').
After upgrade to 23.04 the error persist same as the above.
Full info 22.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
We will only use the defaults, env variables or flags.
DEBUG Connecting as [[2504:109556]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
DEBUG GPO "ubuntuRoot" for "ubuntu" available at
"smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}"
DEBUG Analyzing "assets"
DEBUG Analyzing "ubuntuRoot"
INFO No assets directory with GPT.INI file found on AD, skipping assets
download
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": can't download all gpos and assets: one or more error while fetching
GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs
refreshing: no GPT.INI file: cannot open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
Full info 23.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
DEBUG Connecting as [[58811:006019]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER')
Additional info:
Domain Controller and machine are on the same subnet without firewall on any
level;
Domain Controller is a Windows Server 2019 updated to the last security
version;
Both machine and user are on the same OU with "no heritage" enabled and just
one policy added to permit usern...@domain.com.br to become root;
The info header directory is
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: adsys (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/2024377
Title:
Adsys can't fetch GPOs
Status in adsys package in Ubuntu:
Confirmed
Bug description:
Bad, maybe no understandable english ahead.
Can't find anything related to this on Github, Canonical Forums,
Reddit or StackOverflow.
On Ubuntu 22.04, I've followed the Wiki tutorial and verified all
steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD
backend, I can log with Active Directory users however when adsys is
installed I can't fetch GPOs. In this version the error is:
ERROR Error from server: error while updating policy: can't get
policies for "ubuntu": can't download all gpos and assets: one or more
error while fetching GPOs and assets: can't download "ubuntuRoot":
can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot
open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
It happens when using "adsysctl update -m" or "adsysctl update
usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just
"adsysctl update" too.
I've upgrade the machine to 22.10 and the error changed to:
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER').
After upgrade to 23.04 the error persist same as the above.
Full info 22.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
We will only use the defaults, env variables or flags.
DEBUG Connecting as [[2504:109556]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
DEBUG GPO "ubuntuRoot" for "ubuntu" available at
"smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}"
DEBUG Analyzing "assets"
DEBUG Analyzing "ubuntuRoot"
INFO No assets directory with GPT.INI file found on AD, skipping assets
download
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": can't download all gpos and assets: one or more error while fetching
GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs
refreshing: no GPT.INI file: cannot open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
Full info 23.04 (- verbose):
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
DEBUG Connecting as [[58811:006019]]
DEBUG New request /service/UpdatePolicy
DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
DEBUG NormalizeTargetName for "ubuntu", type "computer"
DEBUG Check if grpc request peer is authorized
DEBUG Authorized as being administrator
DEBUG GetPolicies for "ubuntu", type "computer"
DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER')
Additional info:
Domain Controller and machine are on the same subnet without firewall on any
level;
Domain Controller is a Windows Server 2019 updated to the last security
version;
Both machine and user are on the same OU with "no heritage" enabled and just
one policy added to permit usern...@domain.com.br to become root;
The info header directory is "/home/jzprates" on both logs because I've
collected them using the local account using "sudo adsysctl update -m -";
If I disable Adsys login on pam-auth-update, Ubuntu creates a homedir and
enter correctly with domain
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
** Description changed:
Bad, maybe no understandable english ahead.
Can't find anything related to this on Github, Canonical Forums, Reddit
or StackOverflow.
On Ubuntu 22.04, I've followed the Wiki tutorial and verified all steps
on Integration Ubuntu Desktop whitepaper. Currently using SSSD backend,
I can log with Active Directory users however when adsys is installed I
can't fetch GPOs. In this version the error is:
ERROR Error from server: error while updating policy: can't get policies
for "ubuntu": can't download all gpos and assets: one or more error
while fetching GPOs and assets: can't download "ubuntuRoot": can't check
if ubuntuRoot needs refreshing: no GPT.INI file: cannot open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
It happens when using "adsysctl update -m" or "adsysctl update
usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just
"adsysctl update" too.
I've upgrade the machine to 22.10 and the error changed to:
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP
client internal error: NT_STATUS_INVALID_PARAMETER
Failed to open session: (1, 'LDAP client internal error:
NT_STATUS_INVALID_PARAMETER').
-
After upgrade to 23.04 the error persist same as the above.
-
Full info 22.04 (- verbose):
-
INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
- We will only use the defaults, env variables or flags.
- DEBUG Connecting as [[2504:109556]]
- DEBUG New request /service/UpdatePolicy
- DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
- DEBUG NormalizeTargetName for "ubuntu", type "computer"
- DEBUG Check if grpc request peer is authorized
- DEBUG Authorized as being administrator
- DEBUG GetPolicies for "ubuntu", type "computer"
- DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
- DEBUG GPO "ubuntuRoot" for "ubuntu" available at
"smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}"
- DEBUG Analyzing "assets"
- DEBUG Analyzing "ubuntuRoot"
- INFO No assets directory with GPT.INI file found on AD, skipping assets
download
+ We will only use the defaults, env variables or flags.
+ DEBUG Connecting as [[2504:109556]]
+ DEBUG New request /service/UpdatePolicy
+ DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
+ DEBUG NormalizeTargetName for "ubuntu", type "computer"
+ DEBUG Check if grpc request peer is authorized
+ DEBUG Authorized as being administrator
+ DEBUG GetPolicies for "ubuntu", type "computer"
+ DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
+ DEBUG GPO "ubuntuRoot" for "ubuntu" available at
"smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}"
+ DEBUG Analyzing "assets"
+ DEBUG Analyzing "ubuntuRoot"
+ INFO No assets directory with GPT.INI file found on AD, skipping assets
download
ERROR Error from server: error while updating policy: can't get policies for
"ubuntu": can't download all gpos and assets: one or more error while fetching
GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs
refreshing: no GPT.INI file: cannot open
smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI:
invalid argument
-
Full info 23.04 (- verbose):
- INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
- DEBUG Connecting as [[58811:006019]]
- DEBUG New request /service/UpdatePolicy
- DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
- DEBUG NormalizeTargetName for "ubuntu", type "computer"
- DEBUG Check if grpc request peer is authorized
- DEBUG Authorized as being administrator
- DEBUG GetPolicies for "ubuntu", type "computer"
- DEBUG Getting gpo list with arguments: "--objectclass computer
ldap://addc01.domain.com.br ubuntu"
+ INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates
/root /etc /usr/sbin]".
+ DEBUG Connecting as [[58811:006019]]
+ DEBUG New request /service/UpdatePolicy
+ DEBUG Requesting with parameters: IsComputer: true, All: false, Target:
ubuntu, Krb5Cc:
+ DEBUG NormalizeTargetName for "ubuntu", type "computer"
+ DEBUG Check if grpc request peer is authorized
+ DEBUG Authorized as
