Web lists-archives.com

Re: [Samba] gpo not applied a boot computer




thank you for your reply. bind rights are correct.
>
> but the problem does not come from the dns, they are well updated.
>
> gpo are not applied only to the startup of the computer. After a user logs
>> in, the gpupdate / force command is applied correctly.
>
> the samba server side logs are:
>
>

> [2019/02/26 12:20:06.751340,  2] ../source3/smbd/service.c:1120(close_cnum)
>>
>> S server Update(krb5)(1) Update failed:  Miscellaneous failure (see
>>> text): Decrypt integrity check failed
>>
>> [2019/02/25 10:21:11.914286,  1]
>>> ../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step)
>>
>>   gensec_spnego_server_negTokenInit_step: gssapi_krb5: parsing
>>> NEG_TOKEN_INIT content failed (next[(null)]): NT_STATUS_LOGON_FAILURE
>>
>>

> the logs on windows 10 are: error id : 1130 and  1058
>
>
thank

>
>
> In my notes if you use --dns-backend=BIND9_DLZ
>
> # To start named (bind)
> chgrp named /var/lib/samba/private
> chmod g+rx /var/lib/samba/private
>
> Samba 4.8
> ls -lai /var/lib/samba/bind-dns/dns/sam.ldb.d/
> (everything 660 e root:named)
>
> ll /var/lib/samba/bind-dns/dns/
> -rw-rw---- 1 root named 3014656 Nov 15 16:36 sam.ldb
> drwxrwx--- 2 root named     281 Nov 15 16:36 sam.ldb.d
>
> chmod g+w /var/lib/samba/bind-dns
> chgrp named /var/lib/samba/private/dns.keytab
> chmod g+r  /var/lib/samba/private/dns.keytab
>
>
>
> --
> Sérgio M. B.
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba