[Samba] Logon privilege denied using Samba PDC with terminal services

Patrick Camilleri patrick_camilleri at yahoo.co.uk
Tue Nov 25 22:10:37 GMT 2008

Hello everybody, 

I have a Windows Server 2008 with terminal services enabled joined to a 
Samba domain (SuSe server) and I'm able to log in as 'domain\user' when I'm 
physically sitting at the Windows Server 2008 box. The problem arises when I 
try to log on via RDP using 'domain\user' onto the Windows Server machine. I 
get an error message telling me that 'Your interactive logon privilege has 
been disabled. Please contact your administrator.' 

I also tried this with a Windows Server 2003 machine with a similar outcome. 
The error message this time was 'You have been denied permissions to log on 
to terminal servers. To resolve this problem, your administrator must clear 
the Deny this user permissions to log on to any terminal server check box in 
the Terminal Server Profile settings tab.' Of course when checking in the 
'Group Policy Object Editor' I don't find any restrictions. I'm checking at 
this particular location: Local Computer Policy->Computer 
Configuration->Windows Settings->Security Settings->Local Policies->User 
Rights Assignment->Deny log on through Terminal Services. 

I did add the Samba LDAP group (of the users that I want to give RDP access) 
to the 'Remote Desktop Users' group on the Windows Server (2008 as well as 
2003) machine, i.e. the domain users DO have permission to access the 
Server over RDP, but to no avail. The only user I was able to get to log on 
via RDP was the user 'domain\root'. 

Could this problem be related to the default groups that need to be defined 
in the Samba PDC, mainly Domain Admins, Domain Users and Domain Guests? Or 
maybe because I'm not setting up any policies in the netlogon Samba folder? 

Any help greatly appreciated! 


