[Samba] GPO error after activating domain trust
- Date: Wed, 3 Apr 2019 18:22:35 +0200
- From: alessandro--- via samba <samba@xxxxxxxxxxxxxxx>
- Subject: [Samba] GPO error after activating domain trust
this is my first post, so please be kind :)
I've a working Samba AD DC 4.7.6 installed on Ubuntu 18.04
I can join Windows Machine, manage everything with RSAT.
Yesterday I tried to estabilish a Domain Trust between my Samba Domain and a Windows 2008 domain, using "Active Directory Domains and Trusts".
The Win2008 AD is one-way on outgoing trust, and my Samba is one-way on the incoming side, both as "External" trust
After the wizard, everything works as intended, Samba users can access shares on Win2008 domain.
The problem is that after this procedure, I can't get my User GPO working, if i try a gpupdate /force on any of my windows machine joined on Samba AD DC I get this message:
User policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows could not determine if the user and computer accounts are in the same forest. Ensure the user domain name matches the name of a trusted domain that resides in the same forest as the computer account.
Computer Policy update has completed successfully.
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results."
As soon as I remove the trust, GPO start working again.
Anyone has any experience on that?
Here is my AD DC smb.conf
dns forwarder = 220.127.116.11 18.104.22.168
netbios name = DC1
realm = MY.MYDOM.DOM
server role = active directory domain controller
workgroup = MYDOM
idmap_ldb:use rfc2307 = yes
ldap server require strong auth = no
path = /var/lib/samba/sysvol/ad.orange1.eu/scripts
read only = No
path = /var/lib/samba/sysvol
read only = No
Thanks for your intrest :)
To unsubscribe from this list go to the following URL and read the