[Samba] After the classicupgrade from samba3 to sernet-samba-4.2.1 , users are not able to remote desktop anymore

Mario Pio Russo mariopiorusso at ie.ibm.com
Fri May 1 06:51:03 MDT 2015 

Good Day All

I have a current working configuration of sernet-samba-4.2.1, created by
upgrading from a samba3 PDC using the classic upgrade.

Now, I have added a windows 2008 machine to the domain and I'm using the AD
snap in tools in order to browse the domain.

I can see all the users and groups and they have been imported correctly.
However I am able to remote desktop to the domain machines only with the
user "Administrator at ccdc.lan"; no other user is able to RDP.
Furthermore I am able to add machines to the domain only form the users
Administrator, and not from any other user. I have been using the Group
Policy Manager from the window  administrative tool in order to grant logon
rights to all the users belonging to the Domain User group; furthermore I
have added the users to the group Remote Desktop users, but still I have no
success at all. at the moment the group policies looks like this:

root at ccdc-samba4:/# samba-tool gpo listall
GPO          : {31B2F340-016D-11D2-945F-00C04FB984F9}
display name : Default Domain Policy
path         : \\ccdc.lan\sysvol\ccdc.lan\Policies
\{31B2F340-016D-11D2-945F-00C04FB984F9}
dn           : CN=
{31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=ccdc,DC=lan
version      : 3
flags        : NONE

GPO          : {6AC1786C-016F-11D2-945F-00C04FB984F9}
display name : Default Domain Controllers Policy
path         : \\ccdc.lan\sysvol\ccdc.lan\Policies
\{6AC1786C-016F-11D2-945F-00C04FB984F9}
dn           : CN=
{6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=ccdc,DC=lan
version      : 7
flags        : NONE


while from the GPM looks like this:

(Embedded image moved to file: pic08924.gif)



I have also run gpupdate /force from he windows machine and If I do
samba-tool gpo fetch <Domain Policy> I am able to see the changes I have
done from the windows snap in


I am unsure now where the problem lies, are the GPO I have modified being
applied correctly on samba 4 OR is the GPO itself that is not configured
correctly in order to allow RDP (and add machine to domain)? Or any other
issue?

Note that all this was working correctly when I did the same test upgrade
from samba 3 to samba 4.1.6

also I am able to login to every machine in the domain using my domain user
when logging in locally.

Any idea / suggestion?


thanks!

___________________________________________________________________________________________

Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1
815 2236, eMail: mariopiorusso at ie.ibm.com
IBM Ireland Product Distribution Limited registered in Ireland with number
92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4

(Embedded image moved to file: pic19418.gif)

More information about the samba mailing list