Summary: | net-fs/samba-4.2.14 with app-crypt/heimdal and Windows 10: gpupdate: The processing of Group Policy failed. | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Rainer Meier <rme> |
Component: | Current packages | Assignee: | Gentoo's SAMBA Team <samba> |
Status: | RESOLVED OBSOLETE | ||
Severity: | normal | CC: | doug-gentoo, jah, mrpoole, rickv |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Rainer Meier
2016-08-13 20:53:37 UTC
Actually the gpupdate issue also exists with Windows 7 clients. Moreover I had an authentication issue updating the DNS name while domain-join was in progress. The DNS issue might be related. But I think the GPO update issue exists with Windows 7 and Windows 10 clients using Gentoo ebuild with system Heimdal. I would like to say that I have faced the same issue, and confirm that this fix works. I also have a rarely-used Windows 2008 server instance that seems to have completely hosed policies requiring a reinstall, coinciding with my upgrade to Samba 4.2.11 (only noticed after a reboot of that VM). I would also like to point out that it seems bug 594130 is a duplicate of this one. Most likely it will never be safe to use a system Heimdal unless someone wants to port any local changes in the Samba sources to the system Heimdal with every release. This solves a few issues for me as well. I can confirm the bug. And broken Group Policy is quite a bug indeed. For what I gather, any samba ebuild >4.2.9 is broken as a DC? Well fsck. I know bundled libraries are evil, so I don't know what's the right thing to do here, but this is in dire need of a fix. I got it going by removing the patch and setting bundles to 'heimbase,heimntlm,hdb,kdc,krb5,wind,gssapi,hcrypto,hx509,roken,asn1,com_err,compile_et,NONE'. YMMV? I have an update on this. It looks like it's fixed by changes done in Samba 4.5.4 ebuild. The ebuild now includes a couple of bundled libraries including Kerberos. Unfortunately version 4.5.4 is still masked. So it will take a while until this version is available to everyone. The official 4.2.x release can be patched as described here to include bundled libraries. The bug is actually not resolved but will eventually become obsolete on the release of Samba 4.5.x ebuild. The workaround offered here worked for me also. My first symptom was not being able to use the Windows machine DNS tool. Then I established that policies were not being deployed. I'm not happy about using bundled librarys, but Samba is key to my configuration so I'll live with it until we find a better solution. |