Hi I have setup a Samba AD and connected a Windows 7 machine to the AD... I'm having problems getting the Remote Desktop Users group to work... [root at bart private]# samba-tool group addmembers "Remote Desktop Users" mj ldb_wrap open of secrets.ldb Added members to group Remote Desktop Users [root at bart private]# samba-tool group listmembers "Remote Desktop Users" ldb_wrap open of secrets.ldb mj Still I get the "To log on to this remote computer, you must be granted the Allow log on through Terminal Services right. By default, members of the Remote Desktop Users group have this right. If you are not a member of the Remote Desktop Users group or another group that has this right, or if the Remote Desktop User group does not have this right, you must be granted this right manually." If I add the user to the Domain Admins group, I have no problem logging on through Remote Desktop.... I have also connected a Linux machine to the Domain through SSSD and the AD connector... And it cannot see the Remote Desktop Users group... It seems like this is a problem with the Builtin groups??? [root at lisa shared]# id mj uid=1141201110(mj) gid=1141200513(domain users) grupper=1141200513(domain users) Any ideas??? Regards Martin
Hai, You must have mist something.. I did it as followed in the GPO settings. I created a "DOMAIN\Allow-RDP" group in the AD. Added users to this group. In the GPO, i used "default computer" Policies - Windows settings - security settings - Restricted groups. Here add your DOMAIN\Allow-RDP to the Remote Desktop Users. And - Windows settings - security settings - Systemservices, Remote Desktop Services, set to Automatic startup. Administrative Templates - Windows components/Remote desktop services/Host external dekstop session/ connection. "Allow users to connect to Remote Desktop." Reboot the PC. Try again, this should work. This : samba-tool group addmembers "Remote Desktop Users" mj wil not work, so yes, this is correct. This might work: samba-tool group addmembers "BUILDIN\Remote Desktop Users" "DOMAIN\mj" or samba-tool group addmembers "BUILDIN\Remote Desktop Users" "mj" or samba-tool group addmembers "BUILDIN\Remote Desktop Users" "mj at YOUR.DOM.TLD" Keep notice of "BUILDIN" and "DOMAIN ( YOUR.DOM.TLD )" The are very different things.. Ow and one extra thing. In samba set: winbind expand groups = 4 The number is the depth of the groups, the higher the number the slower the auth check. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Martin Juhl > Verzonden: woensdag 2 maart 2016 16:30 > Aan: samba > Onderwerp: [Samba] Remote Desktop Users Group not working?? > > Hi > > I have setup a Samba AD and connected a Windows 7 machine to the AD... > > I'm having problems getting the Remote Desktop Users group to work... > > [root at bart private]# samba-tool group addmembers "Remote Desktop Users" mj > ldb_wrap open of secrets.ldb > Added members to group Remote Desktop Users > > > [root at bart private]# samba-tool group listmembers "Remote Desktop Users" > ldb_wrap open of secrets.ldb > mj > > > Still I get the > > "To log on to this remote computer, you must be granted the Allow log on > through Terminal Services right. By default, members of the Remote Desktop > Users group have this right. If you are not a member of the Remote Desktop > Users group or another group that has this right, or if the Remote Desktop > User group does not have this right, you must be granted this right > manually." > > > If I add the user to the Domain Admins group, I have no problem logging on > through Remote Desktop.... > > I have also connected a Linux machine to the Domain through SSSD and the > AD connector... And it cannot see the Remote Desktop Users group... > > It seems like this is a problem with the Builtin groups??? > > [root at lisa shared]# id mj > uid=1141201110(mj) gid=1141200513(domain users) grupper=1141200513(domain > users) > > > Any ideas??? > > Regards > > Martin > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Hi My next try is to create the group myself, but the point here was that the Builtin group created by the provisioning of Samba, doesn't work... /Martin ----- Original meddelelse ----- Fra: "L.P.H. van Belle" <belle at bazuin.nl> Til: "samba" <samba at lists.samba.org> Sendt: onsdag, 2. marts 2016 16:55:41 Emne: Re: [Samba] Remote Desktop Users Group not working?? Hai, You must have mist something.. I did it as followed in the GPO settings. I created a "DOMAIN\Allow-RDP" group in the AD. Added users to this group. In the GPO, i used "default computer" Policies - Windows settings - security settings - Restricted groups. Here add your DOMAIN\Allow-RDP to the Remote Desktop Users. And - Windows settings - security settings - Systemservices, Remote Desktop Services, set to Automatic startup. Administrative Templates - Windows components/Remote desktop services/Host external dekstop session/ connection. "Allow users to connect to Remote Desktop." Reboot the PC. Try again, this should work. This : samba-tool group addmembers "Remote Desktop Users" mj wil not work, so yes, this is correct. This might work: samba-tool group addmembers "BUILDIN\Remote Desktop Users" "DOMAIN\mj" or samba-tool group addmembers "BUILDIN\Remote Desktop Users" "mj" or samba-tool group addmembers "BUILDIN\Remote Desktop Users" "mj at YOUR.DOM.TLD" Keep notice of "BUILDIN" and "DOMAIN ( YOUR.DOM.TLD )" The are very different things.. Ow and one extra thing. In samba set: winbind expand groups = 4 The number is the depth of the groups, the higher the number the slower the auth check. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Martin Juhl > Verzonden: woensdag 2 maart 2016 16:30 > Aan: samba > Onderwerp: [Samba] Remote Desktop Users Group not working?? > > Hi > > I have setup a Samba AD and connected a Windows 7 machine to the AD... > > I'm having problems getting the Remote Desktop Users group to work... > > [root at bart private]# samba-tool group addmembers "Remote Desktop Users" mj > ldb_wrap open of secrets.ldb > Added members to group Remote Desktop Users > > > [root at bart private]# samba-tool group listmembers "Remote Desktop Users" > ldb_wrap open of secrets.ldb > mj > > > Still I get the > > "To log on to this remote computer, you must be granted the Allow log on > through Terminal Services right. By default, members of the Remote Desktop > Users group have this right. If you are not a member of the Remote Desktop > Users group or another group that has this right, or if the Remote Desktop > User group does not have this right, you must be granted this right > manually." > > > If I add the user to the Domain Admins group, I have no problem logging on > through Remote Desktop.... > > I have also connected a Linux machine to the Domain through SSSD and the > AD connector... And it cannot see the Remote Desktop Users group... > > It seems like this is a problem with the Builtin groups??? > > [root at lisa shared]# id mj > uid=1141201110(mj) gid=1141200513(domain users) grupper=1141200513(domain > users) > > > Any ideas??? > > Regards > > Martin > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba