[Samba] Problems connecting win7 client to new Samba PDC

Gaiseric Vandal gaiseric.vandal at gmail.com
Fri Aug 10 06:50:42 MDT 2012 

The Domain Users group should have automatically been added to the local
users group when you joined the domain. 

When I upgraded from Samba 3.0.x to 3.5.x I had a error in the group
mappings on one of the DC's that cause problems for a while.   I also
had to explicitly add a mapping for the nobody user and group.

I think I may have  explicitly granted the domain administrator the
privileged to add machines to the domain

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html#rp-privs

But I think I only had to do that because the administrator was not
recognized as being a domain admin (or local admin) because the group
mapping was broken.

If you add a network user to the local admin group, and login works,
then there is definitely a local security issue.    My guess is that the
OS creates the new user local profile directory but then has problems
assigning file permissions/ownership for the network user. 


On XP , if you right click My Computer and look at profiles, you could
see if the profile for a user was local, roaming or temporary.  Win 7
should have the same option.




On 08/09/12 18:03, Brandon wrote:
>> Are your group mappings correct?   I ask because it may be that the
>> "Domain Users" is not properly recognized as a member of the "Users"
>> group on the PC.  Can you login as the domain (or local) admins and
>> explicitly add domain users and domain groups to a local group?
>
> An update to this: I was able to add domain users after a reboot.  So
> I've added MYWORKGROUP\myadmin to my Users group on the local machine.
>
> I was also able to search my domain for users, and came up with a list
> of my users, a nobody user, and a Domain Admins group.  I've added
> MYWORKGROUP\myadmin (user) and MYWORKGROUP\Domain Admins (group) to
> the User group on the local machine.  I am still getting the same
> errors when logging on though.
>
> It seems to me like it's trying to pull a roaming profile when I have
> roaming profiles disabled (or I thought I did), and/or windows doesn't
> actually know the netbios name, based on the series of these events:
>
> Windows cannot copy file \\?\C:\Users\Default\Documents to location
> \\?\C:\Users\TEMP.MYWORKGROUP\Documents. This error may be caused by
> network problems or insufficient security rights.
>
>

More information about the samba mailing list