[Samba] Re: Logon privilege denied using Samba PDC with
terminalservices
Patrick Camilleri
patrick_camilleri at yahoo.co.uk
Wed Nov 26 23:50:53 GMT 2008
Finally managed to figure out what the problem was! Somehow in my LDAP
database I had a corrupted SambaMungedDial entry which the cause of all my
troubles. I remember vaguely that it was generated by same ldap tool and I
(foolishly) not knowing what it was just copied (in a wrong format) to all
the other users.
Actually could anybody point me to some documentation about the purpose of
the SambaMungedDial entry in the LDAP database? I wasn't able to find any
useful information in the Samba documentation other than that it's an
attribute in the samba schema. Is it necessary for joining Windows machines
to a Samba PDC?
Thanks,
Patrick
"Patrick Camilleri" <patrick_camilleri at yahoo.co.uk> wrote in message
news:004f01c94f4a$a7edbf00$f7c93d00$@co.uk...
> Hello everybody,
>
>
>
> I have a Windows Server 2008 with terminal services enabled joined to a
> Samba domain (SuSe server) and I'm able to login as 'domain\user' when I'm
> physically sitting at the Windows Server 2008 box. The problem arises when
> I
>
> try to logon via RDP using 'domain\user' onto the Windows Server machine.
> I
> get an error message telling me that 'Your interactive logon privilege has
> been disabled. Please contact your administrator.'
>
> I also tried this with a Windows Server 2003 machine with a similar
> outcome.
>
> The error message this time was 'You have been denied permissions to log
> on
> to terminal servers. To resolve this problem, your administrator must
> clear
> the Deny this user permissions to log on to any terminal server check box
> in
>
> the Terminal Server Profile settings tab.' Of course when checking in the
> 'Group Policy Object Editor' I don't find any restrictions. I'm checking
> at
> this particular location: Local Computer Policy->Computer
> Configuration->Windows Settings->Security Settings->Local Policies->User
> Rights Assignment->Deny log on through Terminal Services.
>
> I did add the Samba LDAP group (of the users that I want to give RDP
> access)
>
> to the 'Remote Desktop Users' group on the Windows Server (2008 as well as
> 2003) machine, i.e. the domain users DO have permission to access the
> Windows
> Server over RDP but to no avail. The only user I was able to get to logon
> via
> RDP was the user 'domain\root'.
>
> Could this problem be related to the default groups that need to be
> defined
> in the Samba PDC, mainly Domain Admins, Domain Users and Domain Guests? Or
> maybe because I'm not setting up any policies in the netlogon Samba
> folder?
>
> Any help greatly appreciated!
>
> Thanks,
> Patrick
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list