[Samba] After the classicupgrade from samba3 to sernet-samba-4.2.1 , users are not able to remote desktop anymore

L.P.H. van Belle belle at bazuin.nl
Fri May 1 06:55:22 MDT 2015


bug still exists, just tested also on latest git master. 
see : https://bugzilla.samba.org/show_bug.cgi?id=11061 

temp solution. 

try adding :  
auth methods = sam, winbind  
to smb.conf on the dc and restart the DC. 



>-----Oorspronkelijk bericht-----
>Van: mariopiorusso at ie.ibm.com 
>[mailto:samba-bounces at lists.samba.org] Namens Mario Pio Russo
>Verzonden: vrijdag 1 mei 2015 14:51
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] After the classicupgrade from samba3 to 
>sernet-samba-4.2.1 , users are not able to remote desktop anymore
>Good Day All
>I have a current working configuration of sernet-samba-4.2.1, 
>created by
>upgrading from a samba3 PDC using the classic upgrade.
>Now, I have added a windows 2008 machine to the domain and I'm 
>using the AD
>snap in tools in order to browse the domain.
>I can see all the users and groups and they have been imported 
>However I am able to remote desktop to the domain machines 
>only with the
>user "Administrator at ccdc.lan"; no other user is able to RDP.
>Furthermore I am able to add machines to the domain only form the users
>Administrator, and not from any other user. I have been using the Group
>Policy Manager from the window  administrative tool in order 
>to grant logon
>rights to all the users belonging to the Domain User group; 
>furthermore I
>have added the users to the group Remote Desktop users, but 
>still I have no
>success at all. at the moment the group policies looks like this:
>root at ccdc-samba4:/# samba-tool gpo listall
>GPO          : {31B2F340-016D-11D2-945F-00C04FB984F9}
>display name : Default Domain Policy
>path         : \\ccdc.lan\sysvol\ccdc.lan\Policies
>dn           : CN=
>version      : 3
>flags        : NONE
>GPO          : {6AC1786C-016F-11D2-945F-00C04FB984F9}
>display name : Default Domain Controllers Policy
>path         : \\ccdc.lan\sysvol\ccdc.lan\Policies
>dn           : CN=
>version      : 7
>flags        : NONE
>while from the GPM looks like this:
>(Embedded image moved to file: pic08924.gif)
>I have also run gpupdate /force from he windows machine and If I do
>samba-tool gpo fetch <Domain Policy> I am able to see the 
>changes I have
>done from the windows snap in
>I am unsure now where the problem lies, are the GPO I have 
>modified being
>applied correctly on samba 4 OR is the GPO itself that is not 
>correctly in order to allow RDP (and add machine to domain)? 
>Or any other
>Note that all this was working correctly when I did the same 
>test upgrade
>from samba 3 to samba 4.1.6
>also I am able to login to every machine in the domain using 
>my domain user
>when logging in locally.
>Any idea / suggestion?
>Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & 
>FAX: +353 1
>815 2236, eMail: mariopiorusso at ie.ibm.com
>IBM Ireland Product Distribution Limited registered in Ireland 
>with number
>92815. Registered Office: IBM House, Shelbourne Road, 
>Ballsbridge, Dublin 4
>(Embedded image moved to file: pic19418.gif)-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list