[Samba] After the classicupgrade from samba3 to sernet-samba-4.2.1 , users are not able to remote desktop anymore
Mario Pio Russo
mariopiorusso at ie.ibm.com
Fri May 1 06:51:03 MDT 2015
Good Day All
I have a current working configuration of sernet-samba-4.2.1, created by
upgrading from a samba3 PDC using the classic upgrade.
Now, I have added a windows 2008 machine to the domain and I'm using the AD
snap in tools in order to browse the domain.
I can see all the users and groups and they have been imported correctly.
However I am able to remote desktop to the domain machines only with the
user "Administrator at ccdc.lan"; no other user is able to RDP.
Furthermore I am able to add machines to the domain only form the users
Administrator, and not from any other user. I have been using the Group
Policy Manager from the window administrative tool in order to grant logon
rights to all the users belonging to the Domain User group; furthermore I
have added the users to the group Remote Desktop users, but still I have no
success at all. at the moment the group policies looks like this:
root at ccdc-samba4:/# samba-tool gpo listall
GPO : {31B2F340-016D-11D2-945F-00C04FB984F9}
display name : Default Domain Policy
path : \\ccdc.lan\sysvol\ccdc.lan\Policies
\{31B2F340-016D-11D2-945F-00C04FB984F9}
dn : CN=
{31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=ccdc,DC=lan
version : 3
flags : NONE
GPO : {6AC1786C-016F-11D2-945F-00C04FB984F9}
display name : Default Domain Controllers Policy
path : \\ccdc.lan\sysvol\ccdc.lan\Policies
\{6AC1786C-016F-11D2-945F-00C04FB984F9}
dn : CN=
{6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=ccdc,DC=lan
version : 7
flags : NONE
while from the GPM looks like this:
(Embedded image moved to file: pic08924.gif)
I have also run gpupdate /force from he windows machine and If I do
samba-tool gpo fetch <Domain Policy> I am able to see the changes I have
done from the windows snap in
I am unsure now where the problem lies, are the GPO I have modified being
applied correctly on samba 4 OR is the GPO itself that is not configured
correctly in order to allow RDP (and add machine to domain)? Or any other
issue?
Note that all this was working correctly when I did the same test upgrade
from samba 3 to samba 4.1.6
also I am able to login to every machine in the domain using my domain user
when logging in locally.
Any idea / suggestion?
thanks!
___________________________________________________________________________________________
Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1
815 2236, eMail: mariopiorusso at ie.ibm.com
IBM Ireland Product Distribution Limited registered in Ireland with number
92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4
(Embedded image moved to file: pic19418.gif)
More information about the samba
mailing list