[K12OSN] SMB/LDAP Groups Issue

Christopher K. Johnson ckjohnson at gwi.net
Fri Jul 15 14:04:39 UTC 2005

Jason Ingalls wrote:

>Our newly installed SMB/LDAP server seems to be having trouble getting the group
>information out to the windows clients. For instance if I add a user to the
>"Domain Admins" group the user doesn't necessarily get Domain Admin rights at
>the windows boxes. I am a member of that group and it works for me. However I
>add the boss to that group and he doesn't pick it up on Windows. Same goes for
>a group we have called Staff. It works for most ppl but a person we added
>yesterday is not picking those permissions up on the Windows clients.
>Any thoughts?
What does the directory entry for the group look like (was the 
membership correctly added)?
And how about differences between entries - e.g. yours and your boss'?  
Do they have the same attributes and objectclasses? If other Windows 
authorizations of their authenticated ID work fine then this is probably 
not the problem.

More typical Windows ACL issues:
When you say it doesn't work on Windows clients - could the failing 
authorization be due to the other person's ID or a group of which they 
are a member being explicitly denied by another entry in the ACL?


   "Spend less!  Do more!  Go Open Source..." -- Dirigo.net
   Chris Johnson, RHCE #807000448202021

More information about the K12OSN mailing list