[Samba] Remote Desktop Users Group not working??

Martin Juhl mj at casalogic.dk
Wed Mar 2 16:28:22 UTC 2016


Hi

My next try is to create the group myself, but the point here was that the Builtin group created by the provisioning of Samba, doesn't work...

/Martin

----- Original meddelelse -----
Fra: "L.P.H. van Belle" <belle at bazuin.nl>
Til: "samba" <samba at lists.samba.org>
Sendt: onsdag, 2. marts 2016 16:55:41
Emne: Re: [Samba] Remote Desktop Users Group not working??

Hai, 

You must have mist something.. 

I did it as followed in the GPO settings. 

I created a "DOMAIN\Allow-RDP" group in the AD. Added users to this group. 

In the GPO, i used "default computer" 
Policies - Windows settings - security settings - Restricted groups. 
Here add your DOMAIN\Allow-RDP to the Remote Desktop Users. 
And 
- Windows settings - security settings - Systemservices, 
Remote Desktop Services, set to Automatic startup. 

Administrative Templates - 
Windows components/Remote desktop services/Host external dekstop session/ connection. 
"Allow users to connect to Remote Desktop." 


Reboot the PC. 

Try again, this should work. 

This : samba-tool group addmembers "Remote Desktop Users" mj 
wil not work, so yes, this is correct. 

This might work: 
samba-tool group addmembers "BUILDIN\Remote Desktop Users" "DOMAIN\mj" 
or 
samba-tool group addmembers "BUILDIN\Remote Desktop Users" "mj" 
or 
samba-tool group addmembers "BUILDIN\Remote Desktop Users" "mj at YOUR.DOM.TLD" 

Keep notice of "BUILDIN" and "DOMAIN ( YOUR.DOM.TLD )" 
The are very different things.. 

Ow and one extra thing. 

In samba set: 
winbind expand groups = 4 
The number is the depth of the groups, the higher the number the slower the auth check. 

Greetz, 

Louis 


> -----Oorspronkelijk bericht----- 
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Martin Juhl 
> Verzonden: woensdag 2 maart 2016 16:30 
> Aan: samba 
> Onderwerp: [Samba] Remote Desktop Users Group not working?? 
> 
> Hi 
> 
> I have setup a Samba AD and connected a Windows 7 machine to the AD... 
> 
> I'm having problems getting the Remote Desktop Users group to work... 
> 
> [root at bart private]# samba-tool group addmembers "Remote Desktop Users" mj 
> ldb_wrap open of secrets.ldb 
> Added members to group Remote Desktop Users 
> 
> 
> [root at bart private]# samba-tool group listmembers "Remote Desktop Users" 
> ldb_wrap open of secrets.ldb 
> mj 
> 
> 
> Still I get the 
> 
> "To log on to this remote computer, you must be granted the Allow log on 
> through Terminal Services right. By default, members of the Remote Desktop 
> Users group have this right. If you are not a member of the Remote Desktop 
> Users group or another group that has this right, or if the Remote Desktop 
> User group does not have this right, you must be granted this right 
> manually." 
> 
> 
> If I add the user to the Domain Admins group, I have no problem logging on 
> through Remote Desktop.... 
> 
> I have also connected a Linux machine to the Domain through SSSD and the 
> AD connector... And it cannot see the Remote Desktop Users group... 
> 
> It seems like this is a problem with the Builtin groups??? 
> 
> [root at lisa shared]# id mj 
> uid=1141201110(mj) gid=1141200513(domain users) grupper=1141200513(domain 
> users) 
> 
> 
> Any ideas??? 
> 
> Regards 
> 
> Martin 
> -- 
> To unsubscribe from this list go to the following URL and read the 
> instructions: https://lists.samba.org/mailman/options/samba 



-- 
To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba 




More information about the samba mailing list