Finally managed to figure out what the problem was! Somehow in my LDAP database I had a corrupted SambaMungedDial entry which the cause of all my troubles. I remember vaguely that it was generated by same ldap tool and I (foolishly) not knowing what it was just copied (in a wrong format) to all the other users.
Actually could anybody point me to some documentation about the purpose of the SambaMungedDial entry in the LDAP database? I wasn't able to find any useful information in the Samba documentation other than that it's an attribute in the samba schema. Is it necessary for joining Windows machines to a Samba PDC? Thanks, Patrick "Patrick Camilleri" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hello everybody, > > > > I have a Windows Server 2008 with terminal services enabled joined to a > Samba domain (SuSe server) and I'm able to login as 'domain\user' when I'm > physically sitting at the Windows Server 2008 box. The problem arises when > I > > try to logon via RDP using 'domain\user' onto the Windows Server machine. > I > get an error message telling me that 'Your interactive logon privilege has > been disabled. Please contact your administrator.' > > I also tried this with a Windows Server 2003 machine with a similar > outcome. > > The error message this time was 'You have been denied permissions to log > on > to terminal servers. To resolve this problem, your administrator must > clear > the Deny this user permissions to log on to any terminal server check box > in > > the Terminal Server Profile settings tab.' Of course when checking in the > 'Group Policy Object Editor' I don't find any restrictions. I'm checking > at > this particular location: Local Computer Policy->Computer > Configuration->Windows Settings->Security Settings->Local Policies->User > Rights Assignment->Deny log on through Terminal Services. > > I did add the Samba LDAP group (of the users that I want to give RDP > access) > > to the 'Remote Desktop Users' group on the Windows Server (2008 as well as > 2003) machine, i.e. the domain users DO have permission to access the > Windows > Server over RDP but to no avail. The only user I was able to get to logon > via > RDP was the user 'domain\root'. > > Could this problem be related to the default groups that need to be > defined > in the Samba PDC, mainly Domain Admins, Domain Users and Domain Guests? Or > maybe because I'm not setting up any policies in the netlogon Samba > folder? > > Any help greatly appreciated! > > Thanks, > Patrick > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
