[K12OSN] SMB/LDAP Groups Issue
Christopher K. Johnson
ckjohnson at gwi.net
Fri Jul 15 14:04:39 UTC 2005
Jason Ingalls wrote:
>Our newly installed SMB/LDAP server seems to be having trouble getting the group
>information out to the windows clients. For instance if I add a user to the
>"Domain Admins" group the user doesn't necessarily get Domain Admin rights at
>the windows boxes. I am a member of that group and it works for me. However I
>add the boss to that group and he doesn't pick it up on Windows. Same goes for
>a group we have called Staff. It works for most ppl but a person we added
>yesterday is not picking those permissions up on the Windows clients.
What does the directory entry for the group look like (was the
membership correctly added)?
And how about differences between entries - e.g. yours and your boss'?
Do they have the same attributes and objectclasses? If other Windows
authorizations of their authenticated ID work fine then this is probably
not the problem.
More typical Windows ACL issues:
When you say it doesn't work on Windows clients - could the failing
authorization be due to the other person's ID or a group of which they
are a member being explicitly denied by another entry in the ACL?
"Spend less! Do more! Go Open Source..." -- Dirigo.net
Chris Johnson, RHCE #807000448202021
More information about the K12OSN