[Samba] Remote Desktop Users Group not working??
Martin Juhl
mj at casalogic.dk
Wed Mar 2 16:28:22 UTC 2016
Hi
My next try is to create the group myself, but the point here was that the Builtin group created by the provisioning of Samba, doesn't work...
/Martin
----- Original meddelelse -----
Fra: "L.P.H. van Belle" <belle at bazuin.nl>
Til: "samba" <samba at lists.samba.org>
Sendt: onsdag, 2. marts 2016 16:55:41
Emne: Re: [Samba] Remote Desktop Users Group not working??
Hai,
You must have mist something..
I did it as followed in the GPO settings.
I created a "DOMAIN\Allow-RDP" group in the AD. Added users to this group.
In the GPO, i used "default computer"
Policies - Windows settings - security settings - Restricted groups.
Here add your DOMAIN\Allow-RDP to the Remote Desktop Users.
And
- Windows settings - security settings - Systemservices,
Remote Desktop Services, set to Automatic startup.
Administrative Templates -
Windows components/Remote desktop services/Host external dekstop session/ connection.
"Allow users to connect to Remote Desktop."
Reboot the PC.
Try again, this should work.
This : samba-tool group addmembers "Remote Desktop Users" mj
wil not work, so yes, this is correct.
This might work:
samba-tool group addmembers "BUILDIN\Remote Desktop Users" "DOMAIN\mj"
or
samba-tool group addmembers "BUILDIN\Remote Desktop Users" "mj"
or
samba-tool group addmembers "BUILDIN\Remote Desktop Users" "mj at YOUR.DOM.TLD"
Keep notice of "BUILDIN" and "DOMAIN ( YOUR.DOM.TLD )"
The are very different things..
Ow and one extra thing.
In samba set:
winbind expand groups = 4
The number is the depth of the groups, the higher the number the slower the auth check.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Martin Juhl
> Verzonden: woensdag 2 maart 2016 16:30
> Aan: samba
> Onderwerp: [Samba] Remote Desktop Users Group not working??
>
> Hi
>
> I have setup a Samba AD and connected a Windows 7 machine to the AD...
>
> I'm having problems getting the Remote Desktop Users group to work...
>
> [root at bart private]# samba-tool group addmembers "Remote Desktop Users" mj
> ldb_wrap open of secrets.ldb
> Added members to group Remote Desktop Users
>
>
> [root at bart private]# samba-tool group listmembers "Remote Desktop Users"
> ldb_wrap open of secrets.ldb
> mj
>
>
> Still I get the
>
> "To log on to this remote computer, you must be granted the Allow log on
> through Terminal Services right. By default, members of the Remote Desktop
> Users group have this right. If you are not a member of the Remote Desktop
> Users group or another group that has this right, or if the Remote Desktop
> User group does not have this right, you must be granted this right
> manually."
>
>
> If I add the user to the Domain Admins group, I have no problem logging on
> through Remote Desktop....
>
> I have also connected a Linux machine to the Domain through SSSD and the
> AD connector... And it cannot see the Remote Desktop Users group...
>
> It seems like this is a problem with the Builtin groups???
>
> [root at lisa shared]# id mj
> uid=1141201110(mj) gid=1141200513(domain users) grupper=1141200513(domain
> users)
>
>
> Any ideas???
>
> Regards
>
> Martin
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list