Hi My next try is to create the group myself, but the point here was that the Builtin group created by the provisioning of Samba, doesn't work... /Martin ----- Original meddelelse ----- Fra: "L.P.H. van Belle" <belle at bazuin.nl> Til: "samba" <samba at lists.samba.org> Sendt: onsdag, 2. marts 2016 16:55:41 Emne: Re: [Samba] Remote Desktop Users Group not working?? Hai, You must have mist something.. I did it as followed in the GPO settings. I created a "DOMAIN\Allow-RDP" group in the AD. Added users to this group. In the GPO, i used "default computer" Policies - Windows settings - security settings - Restricted groups. Here add your DOMAIN\Allow-RDP to the Remote Desktop Users. And - Windows settings - security settings - Systemservices, Remote Desktop Services, set to Automatic startup. Administrative Templates - Windows components/Remote desktop services/Host external dekstop session/ connection. "Allow users to connect to Remote Desktop." Reboot the PC. Try again, this should work. This : samba-tool group addmembers "Remote Desktop Users" mj wil not work, so yes, this is correct. This might work: samba-tool group addmembers "BUILDIN\Remote Desktop Users" "DOMAIN\mj" or samba-tool group addmembers "BUILDIN\Remote Desktop Users" "mj" or samba-tool group addmembers "BUILDIN\Remote Desktop Users" "mj at YOUR.DOM.TLD" Keep notice of "BUILDIN" and "DOMAIN ( YOUR.DOM.TLD )" The are very different things.. Ow and one extra thing. In samba set: winbind expand groups = 4 The number is the depth of the groups, the higher the number the slower the auth check. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Martin Juhl > Verzonden: woensdag 2 maart 2016 16:30 > Aan: samba > Onderwerp: [Samba] Remote Desktop Users Group not working?? > > Hi > > I have setup a Samba AD and connected a Windows 7 machine to the AD... > > I'm having problems getting the Remote Desktop Users group to work... > > [root at bart private]# samba-tool group addmembers "Remote Desktop Users" mj > ldb_wrap open of secrets.ldb > Added members to group Remote Desktop Users > > > [root at bart private]# samba-tool group listmembers "Remote Desktop Users" > ldb_wrap open of secrets.ldb > mj > > > Still I get the > > "To log on to this remote computer, you must be granted the Allow log on > through Terminal Services right. By default, members of the Remote Desktop > Users group have this right. If you are not a member of the Remote Desktop > Users group or another group that has this right, or if the Remote Desktop > User group does not have this right, you must be granted this right > manually." > > > If I add the user to the Domain Admins group, I have no problem logging on > through Remote Desktop.... > > I have also connected a Linux machine to the Domain through SSSD and the > AD connector... And it cannot see the Remote Desktop Users group... > > It seems like this is a problem with the Builtin groups??? > > [root at lisa shared]# id mj > uid=1141201110(mj) gid=1141200513(domain users) grupper=1141200513(domain > users) > > > Any ideas??? > > Regards > > Martin > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Hi, If I'm not mistaken, the Remote Desktop Users is a local group. Si as Said Louis, you'll have to create a domain group that will be added to the local group on each machin through GPO Regards, Le 02/03/2016 17:28, Martin Juhl a écrit :> Hi > > My next try is to create the group myself, but the point here was that the Builtin group created by the provisioning of Samba, doesn't work... > > /Martin > > ----- Original meddelelse ----- > Fra: "L.P.H. van Belle" <belle at bazuin.nl> > Til: "samba" <samba at lists.samba.org> > Sendt: onsdag, 2. marts 2016 16:55:41 > Emne: Re: [Samba] Remote Desktop Users Group not working?? > > Hai, > > You must have mist something.. > > I did it as followed in the GPO settings. > > I created a "DOMAIN\Allow-RDP" group in the AD. Added users to this group. > > In the GPO, i used "default computer" > Policies - Windows settings - security settings - Restricted groups. > Here add your DOMAIN\Allow-RDP to the Remote Desktop Users. > And > - Windows settings - security settings - Systemservices, > Remote Desktop Services, set to Automatic startup. > > Administrative Templates - > Windows components/Remote desktop services/Host external dekstop session/ connection. > "Allow users to connect to Remote Desktop." > > > Reboot the PC. > > Try again, this should work. > > This : samba-tool group addmembers "Remote Desktop Users" mj > wil not work, so yes, this is correct. > > This might work: > samba-tool group addmembers "BUILDIN\Remote Desktop Users" "DOMAIN\mj" > or > samba-tool group addmembers "BUILDIN\Remote Desktop Users" "mj" > or > samba-tool group addmembers "BUILDIN\Remote Desktop Users" "mj at YOUR.DOM.TLD" > > Keep notice of "BUILDIN" and "DOMAIN ( YOUR.DOM.TLD )" > The are very different things.. > > Ow and one extra thing. > > In samba set: > winbind expand groups = 4 > The number is the depth of the groups, the higher the number the slower the auth check. > > Greetz, > > Louis > > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Martin Juhl >> Verzonden: woensdag 2 maart 2016 16:30 >> Aan: samba >> Onderwerp: [Samba] Remote Desktop Users Group not working?? >> >> Hi >> >> I have setup a Samba AD and connected a Windows 7 machine to the AD... >> >> I'm having problems getting the Remote Desktop Users group to work... >> >> [root at bart private]# samba-tool group addmembers "Remote Desktop Users" mj >> ldb_wrap open of secrets.ldb >> Added members to group Remote Desktop Users >> >> >> [root at bart private]# samba-tool group listmembers "Remote Desktop Users" >> ldb_wrap open of secrets.ldb >> mj >> >> >> Still I get the >> >> "To log on to this remote computer, you must be granted the Allow log on >> through Terminal Services right. By default, members of the Remote Desktop >> Users group have this right. If you are not a member of the Remote Desktop >> Users group or another group that has this right, or if the Remote Desktop >> User group does not have this right, you must be granted this right >> manually." >> >> >> If I add the user to the Domain Admins group, I have no problem logging on >> through Remote Desktop.... >> >> I have also connected a Linux machine to the Domain through SSSD and the >> AD connector... And it cannot see the Remote Desktop Users group... >> >> It seems like this is a problem with the Builtin groups??? >> >> [root at lisa shared]# id mj >> uid=1141201110(mj) gid=1141200513(domain users) grupper=1141200513(domain >> users) >> >> >> Any ideas??? >> >> Regards >> >> Martin >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba > >
Am 02.03.2016 um 17:33 schrieb Sébastien Le Ray:> If I'm not mistaken, the Remote Desktop Users is a local group. Si as > Said Louis, you'll have to create a domain group that will be added to > the local group on each machin through GPOThat's right. And if you're looking for an easy way to put your domain group to some/all workstations local Remote Desktop Users group: https://wiki.samba.org/index.php/Managing_local_groups_on_domain_members_via_GPO_restricted_groups Regards, Marc