Bug 44704 - gpupdate does not synchronize group policies
Summary: gpupdate does not synchronize group policies
Status: CLOSED WORKSFORME
Alias: None
Product: Branch p9
Classification: Distributions
Component: adp
Version: unspecified
Hardware: x86 Linux
: P5 normal
Assignee: qa-team@altlinux.org
QA Contact: qa-p9@altlinux.org
Reported: 2022-12-22 14:36 MSK by Nikolay Pekonkin
Modified: 2023-01-16 14:07 MSK

Attachments
log (15.79 KB, text/plain)
2022-12-22 14:36 MSK, Nikolay Pekonkin

Description Nikolay Pekonkin 2022-12-22 14:36:25 MSK
Created attachment 12135
log

Good afternoon, could you help with an error that occurs when running gpoa --loglevel 0 administrator
The server is in the domain, the principal exists, and I get a krb ticket:

chrome ~ # kinit -k  CHROME$
chrome ~ # kli
klines   klipper  klist
chrome ~ # klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: CHROME$@TEST.LOCAL

Valid starting       Expires              Service principal
22.12.2022 14:33:11  23.12.2022 00:33:11  krbtgt/TEST.LOCAL@TEST.LOCAL
        renew until 29.12.2022 14:33:11
chrome ~ #

cat /etc/krb5.conf

[libdefaults]
default_realm = TEST.LOCAL
udp_preference_limit = 0
dns_lookup_kdc = true
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
[realms]
 TEST.LOCAL = {
  kdc = ad.test.local:88
  admin_server = ad.test.local:749
  default_domain = test.local
 }

[domain_realm]
 .test.local = TEST.LOCAL
 test.local = TEST.LOCAL

[kdc]
 profile = /etc/kerberos/krb5kdc/kdc.conf

[pam]
 debug = false
 ticket_lifetime = 36000
 renew_lifetime = 36000
 forwardable = true
 krb4_convert = false

[login]
 krb4_convert = false
 krb4_get_tickets = false

chrome ~ # cat /etc/samba/smb.conf

[global]
        passdb backend = tdbsam
        winbind nss info = rfc2307
        kerberos method = system keytab
        workgroup = TEST
        realm  = test.local
        netbios name = CHROME
        security = ads
        encrypt passwords = Yes
        password server = *
        log file = /var/log/samba/log.%m
        max log size = 50
        socket options = TCP_NODELAY
        os level = 0
        local master = No
        dns proxy = No
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        winbind separator = +
        template homedir = /home/%D/%U
        template shell = /bin/bash
        winbind enum groups = Yes
        winbind enum users = Yes
        winbind refresh tickets = true
        winbind offline logon = true
        winbind cache time = 120
        winbind use default domain = Yes
        wins support = no
        idmap config * : range = 10000-20000000
        idmap config * : backend = tdb
[homes]
       comment = Home Directories
       browseable = no
       writable = yes

chrome ~ # cat /etc/sssd/sssd.conf

[sssd]
domains = test.local
config_file_version = 2
services = nss, pam

[domain/test.local]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = TEST.LOCAL
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%d/%u
ad_domain = test.local
use_fully_qualified_names = True
ldap_id_mapping = True
access_provider = ad
ad_gpo_ignore_unreadable = True
ad_gpo_access_control = disabled
use_fully_qualified_names = False
chrome ~ #
Comment 1 Evgeny Shesteperov 2022-12-22 17:34:52 MSK
Good afternoon!

Please additionally provide the following information:

1. The operating system and version on which the error was reproduced.
2. The output of the following commands:

        $ uname -a
        $ cat /etc/os-release
        $ apt-repo

3. A description of the test stand: how the SAMBA domain is deployed.
4. Steps to reproduce.
5. Expected and actual result.
6. Additionally:

        # cat /etc/gpupdate/gpupdate.ini
        # gpupdate-setup active-policy
        # systemctl status oddjobd.service
        # systemctl status gpupdate.service
Comment 2 Nikolay Pekonkin 2023-01-16 14:07:20 MSK
Good afternoon.
The main error:
gpoa --loglevel 0 administrator

2023-01-16 14:04:11.781|[D00020]| Инициализация кэша|{'cache_file': PosixPath('/var/cache/gpupdate_file_cache')}
2023-01-16 14:04:11.781|[E00004]| Ошибка фронтенда|{'message': TypeError("'use_kerberos' is an invalid keyword argument for this function"), 'file': '/usr/sbin/gpoa', 'line': 168, 'name': 'start_frontend', 'type': 'TypeError'}