[Samba] windows doesn't detect the correct group memberships
Florian Scholz
florian90 at gmail.com
Fri Oct 21 15:45:41 MDT 2011
Hi. I have a little problem..
Currently I'm using a LDAP+Samba configuration by using the smbldap-tools.
On a client computer I permitted all members of the groupmapping
(unix: remote windows: ) to use remote desktop by adding this group.
But Windows 7 and Vista are telling me that this user doesn't have the
required privileges for using remote access.. So I tried debugging:
net user /DOMAIN username shows the correct groups, but parsing the
group list of the Windows user shows only local groups and the Domain
Users group (the admin told me that this list should contain the
current user's groups, too).
Do you have any idea? I appended the current configuration for samba 3.6.0-8.
Florian Scholz
-------------- next part --------------
# Samba 3.x acting as a domain controller ("domain logons" / "domain master"),
# with accounts kept in LDAP and managed through the smbldap-tools scripts
# referenced below.
[global]
max protocol = SMB2
workgroup = ASTA
netbios name = samba
server string = %h PDC (%v)
comment = %h PDC (%v)
# Listen only on the addresses listed here.
interfaces = 10.20.30.253 127.0.0.1
bind interfaces only = yes
enable privileges = yes
time server = yes
dns proxy = no
# NOTE(review): set in [global], "admin users" becomes the default for every
# share, and the listed accounts perform all file operations as root. Scope it
# to the individual shares that need it, or drop it.
admin users = root,admin
# Do not follow symlinks that point outside a share's exported tree.
wide links = no
# PDC
os level = 65
security = user
encrypt passwords = yes
domain logons = yes
domain master = yes
preferred master = yes
local master = yes
# ldap
ldap suffix = dc=asta,dc=lan
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap admin dn = cn=admin,dc=asta,dc=lan
ldap passwd sync = yes
idmap config * : backend = ldap
idmap config * : range = 1000-20000
ldap idmap suffix = ou=Idmap
# NOTE(review): with "ldap ssl = no" and an ldap:// URI in "passdb backend"
# below, the admin-DN bind and the password attributes Samba reads and writes
# travel to the directory server unencrypted. "ldap ssl = start tls" or an
# ldaps:// URI protects that link.
ldap ssl = no
ldap delete dn = no
# Repeats the "ldap passwd sync" line above with the same value; one is enough.
ldap passwd sync = yes
unix password sync = yes
passdb backend = ldapsam:ldap://192.168.100.253
# NOTE(review): the "." after %u looks like a typo or an archive artifact; as
# written it becomes part of the argument handed to passwd. Confirm against the
# running config.
passwd program = /usr/bin/passwd %u.
# Account and group management is delegated to smbldap-tools; %u and %g are
# quoted so that names containing spaces reach the scripts as one argument.
add user script = /usr/bin/smbldap-useradd -m "%u"
delete user script = /usr/bin/smbldap-userdel "%u"
add machine script = /usr/bin/smbldap-useradd -W "%u"
add group script = /usr/bin/smbldap-groupadd -p "%g"
delete group script = /usr/bin/smbldap-groupdel "%g"
add user to group script = /usr/bin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/bin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/bin/smbldap-usermod -g "%g" "%u"
template shell = /bin/false
template homedir = /home/%U
hide files = /desktop.ini/profile.V2/$RECYCLE.BIN/
#obey pam restrictions = yes
# Client-side settings only (Samba acting as an SMB client). With
# "client NTLMv2 auth = no" it answers challenges with NTLMv1 rather than
# NTLMv2. What the server accepts from Windows clients is governed by
# "ntlm auth" / "lanman auth", which are not set in this file.
client NTLMv2 auth = no
client lanman auth = no
logon drive = h:
logon script = netlogon.bat
socket options = TCP_NODELAY
log level = 2 auth:3 smb:3
# %U expands to the username the client requested, so logs are split per
# requested name.
log file = /var/log/samba/%U.log
max log size = 1000
# map untrusted to domain = yes
#winbind use default domain = yes
#winbind enum users = yes
#winbind enum groups = yes
#winbind gid = 10000-20000
#winbind separator = +
# Writable drop folder for scans.
# NOTE(review): no "valid users" is set, so every authenticated account can
# connect; "browsable = no" only hides the share from browse lists and is not
# an access control. The 0777 masks let new files and directories end up
# world-writable on the server's filesystem; a tighter mask plus a
# "valid users" group would narrow both.
[scans]
comment = Scans
path = /home/samba/asta/Scans
browsable = no
writeable = yes
create mask = 0777
directory mask = 0777
# Shared working area. No "valid users" is set, so access for authenticated
# users is decided by filesystem permissions alone; the 0775 masks keep new
# files group-writable but not world-writable.
[asta]
comment = asta
path = /home/samba/asta
browsable = yes
writeable = yes
# Entries the connecting user cannot read are not listed.
hide unreadable = yes
hide special files = yes
create mask = 0775
directory mask = 0775
# Logon-script share for domain clients ("logon script = netlogon.bat" in
# [global] refers to a file here). No "writeable" or "read only" line is
# present, so Samba's read-only default applies. Scripts in this path run on
# every client at logon, so keep write access on the server side restricted
# to administrators.
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
browseable = no
# "public" is a synonym for "guest ok": guest connections are permitted on
# this share. Whether a guest session can actually be established depends on
# "map to guest", which is not set in this file.
public = yes
# Roaming-profile share; the 0700 masks keep each profile private to its owner.
# NOTE(review): no "path" appears in this section as posted. A share other
# than [homes] needs one; check the running config with testparm.
[profiles]
comment = User Profiles
create mask = 0700
directory mask = 0700
writeable = yes
browsable = no
# Per-user home directories, created on the fly for the connecting user.
# The 0755 masks leave new files and directories readable by other local
# accounts; 0700 would keep them private to the owner.
[homes]
comment = Home Directory %U
create mask = 0755
directory mask = 0755
writeable = yes
browsable = no
# Administrative share exposing the whole of /home.
[home]
path = /home
browsable = no
writeable = yes
create mask = 0775
directory mask = 0775
# NOTE(review): " at edv" is most likely the list archive's rewrite of "@edv"
# (address obfuscation); the original value presumably named the edv group.
valid users = "@Domain Admins", at edv
# Members of the edv group perform all operations on this share as root, which
# bypasses filesystem permissions on every user's home directory. Keep that
# group small and audited.
admin users = @edv
# Share restricted by group: only members of "Domain Users" may connect, so
# access depends on the server resolving the user's group membership
# correctly.
[0815]
path = /opt/0815
browsable = yes
writeable = yes
create mask = 0775
directory mask = 0775
valid users = "@Domain Users"