Error and problems with groups
Matthieu Patou
mat at matws.net
Tue Sep 23 17:19:31 GMT 2008
After a more complete inspection it is not only the Computers group that
has this problem but also all the default group of the AD:
* Entreprise Admin
* Domain users
* Domain admins
...
At the same time I had a message in the windows registry that says :
CN=Administrator,CN=Users,DC=smb4,DC=tst from a different forest logged
onto this machine. Cross Forest Group Policy processing is disabled and
loopback processing has been enforced in this forest for this user account.
(The same message with every users in fact).
I think that this message might be related to the loss of group members.
Any comment ?
Matthieu.
>
> When I tried to view the properties of "Domain Computers" group through
> the Active Directory tool (dsa.msc) the Members tab was empty and if I
> tried to see the Member of tab I had the message :
> "The object cannot be found in the global catalog. If the object is new,
> wait for it to replicate (about 5 minutes) It is also possible that the
> global catalog is unavailable. If so group membership outside of the
> object's domain will not be listed.
> I am running a fairly recent samba4 : c273d63
>
> The second question is: Samba4 in the windows side is able to handle
> group security when group member are already groups ?
> That is if user foo is member of group bar and that group bar is member
> of group baz then is full control is granted to baz then foo should full
> control (of course unless remove rights are applied to foo or one of its
> group) ?
>
> Regards.
>
> Matthieu.
More information about the samba-technical
mailing list