[Samba] Remote Desktop Users Group not working??

L.P.H. van Belle belle at bazuin.nl
Wed Mar 2 15:55:41 UTC 2016 

Hai, 

You must have mist something.. 

I did it as followed in the GPO settings. 

I created a "DOMAIN\Allow-RDP" group in the AD. Added users to this group. 

In the GPO, i used "default computer" 
Policies -  Windows settings - security settings - Restricted groups. 
		Here add your DOMAIN\Allow-RDP  to the Remote Desktop Users. 
And 
		- Windows settings - security settings - Systemservices, 
		Remote Desktop Services, set to Automatic startup. 

Administrative Templates - 
Windows components/Remote desktop services/Host external dekstop session/ connection. 
"Allow users to connect to Remote Desktop." 


Reboot the PC. 

Try again, this should work. 

This :  samba-tool group addmembers "Remote Desktop Users" mj 
wil not work, so yes, this is correct. 

This might work: 
samba-tool group addmembers "BUILDIN\Remote Desktop Users" "DOMAIN\mj" 
or 
samba-tool group addmembers "BUILDIN\Remote Desktop Users" "mj"
or
samba-tool group addmembers "BUILDIN\Remote Desktop Users" "mj at YOUR.DOM.TLD"

Keep notice of "BUILDIN" and "DOMAIN ( YOUR.DOM.TLD )"
The are very different things.. 

Ow and one extra thing. 

In samba set: 
winbind expand groups = 4 
The number is the depth of the groups, the higher the number the slower the auth check. 

Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Martin Juhl
> Verzonden: woensdag 2 maart 2016 16:30
> Aan: samba
> Onderwerp: [Samba] Remote Desktop Users Group not working??
> 
> Hi
> 
> I have setup a Samba AD and connected a Windows 7 machine to the AD...
> 
> I'm having problems getting the Remote Desktop Users group to work...
> 
> [root at bart private]# samba-tool group addmembers "Remote Desktop Users" mj
> ldb_wrap open of secrets.ldb
> Added members to group Remote Desktop Users
> 
> 
> [root at bart private]# samba-tool group listmembers "Remote Desktop Users"
> ldb_wrap open of secrets.ldb
> mj
> 
> 
> Still I get the
> 
> "To log on to this remote computer, you must be granted the Allow log on
> through Terminal Services right. By default, members of the Remote Desktop
> Users group have this right. If you are not a member of the Remote Desktop
> Users group or another group that has this right, or if the Remote Desktop
> User group does not have this right, you must be granted this right
> manually."
> 
> 
> If I add the user to the Domain Admins group, I have no problem logging on
> through Remote Desktop....
> 
> I have also connected a Linux machine to the Domain through SSSD and the
> AD connector... And it cannot see the Remote Desktop Users group...
> 
> It seems like this is a problem with the Builtin groups???
> 
> [root at lisa shared]# id mj
> uid=1141201110(mj) gid=1141200513(domain users) grupper=1141200513(domain
> users)
> 
> 
> Any ideas???
> 
> Regards
> 
> Martin
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list