[Samba] After the classicupgrade from samba3 to sernet-samba-4.2.1 , users are not able to remote desktop anymore
L.P.H. van Belle
belle at bazuin.nl
Fri May 1 06:55:22 MDT 2015
correct.
bug still exists, just tested also on latest git master.
see : https://bugzilla.samba.org/show_bug.cgi?id=11061
temp solution.
try adding :
auth methods = sam, winbind
to smb.conf on the dc and restart the DC.
Greetz,
Louis
>-----Oorspronkelijk bericht-----
>Van: mariopiorusso at ie.ibm.com
>[mailto:samba-bounces at lists.samba.org] Namens Mario Pio Russo
>Verzonden: vrijdag 1 mei 2015 14:51
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] After the classicupgrade from samba3 to
>sernet-samba-4.2.1 , users are not able to remote desktop anymore
>
>
>Good Day All
>
>I have a current working configuration of sernet-samba-4.2.1,
>created by
>upgrading from a samba3 PDC using the classic upgrade.
>
>Now, I have added a windows 2008 machine to the domain and I'm
>using the AD
>snap in tools in order to browse the domain.
>
>I can see all the users and groups and they have been imported
>correctly.
>However I am able to remote desktop to the domain machines
>only with the
>user "Administrator at ccdc.lan"; no other user is able to RDP.
>Furthermore I am able to add machines to the domain only form the users
>Administrator, and not from any other user. I have been using the Group
>Policy Manager from the window administrative tool in order
>to grant logon
>rights to all the users belonging to the Domain User group;
>furthermore I
>have added the users to the group Remote Desktop users, but
>still I have no
>success at all. at the moment the group policies looks like this:
>
>root at ccdc-samba4:/# samba-tool gpo listall
>GPO : {31B2F340-016D-11D2-945F-00C04FB984F9}
>display name : Default Domain Policy
>path : \\ccdc.lan\sysvol\ccdc.lan\Policies
>\{31B2F340-016D-11D2-945F-00C04FB984F9}
>dn : CN=
>{31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC
>=ccdc,DC=lan
>version : 3
>flags : NONE
>
>GPO : {6AC1786C-016F-11D2-945F-00C04FB984F9}
>display name : Default Domain Controllers Policy
>path : \\ccdc.lan\sysvol\ccdc.lan\Policies
>\{6AC1786C-016F-11D2-945F-00C04FB984F9}
>dn : CN=
>{6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC
>=ccdc,DC=lan
>version : 7
>flags : NONE
>
>
>while from the GPM looks like this:
>
>(Embedded image moved to file: pic08924.gif)
>
>
>
>I have also run gpupdate /force from he windows machine and If I do
>samba-tool gpo fetch <Domain Policy> I am able to see the
>changes I have
>done from the windows snap in
>
>
>I am unsure now where the problem lies, are the GPO I have
>modified being
>applied correctly on samba 4 OR is the GPO itself that is not
>configured
>correctly in order to allow RDP (and add machine to domain)?
>Or any other
>issue?
>
>Note that all this was working correctly when I did the same
>test upgrade
>from samba 3 to samba 4.1.6
>
>also I am able to login to every machine in the domain using
>my domain user
>when logging in locally.
>
>Any idea / suggestion?
>
>
>thanks!
>
>_______________________________________________________________
>____________________________
>
>Mario Pio Russo, System Admin SWG IT Services Dublin, Phone &
>FAX: +353 1
>815 2236, eMail: mariopiorusso at ie.ibm.com
>IBM Ireland Product Distribution Limited registered in Ireland
>with number
>92815. Registered Office: IBM House, Shelbourne Road,
>Ballsbridge, Dublin 4
>
>(Embedded image moved to file: pic19418.gif)--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list