[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] SMB/LDAP Groups Issue

Jason Ingalls wrote:

Our newly installed SMB/LDAP server seems to be having trouble getting the group
information out to the windows clients. For instance if I add a user to the
"Domain Admins" group the user doesn't necessarily get Domain Admin rights at
the windows boxes. I am a member of that group and it works for me. However I
add the boss to that group and he doesn't pick it up on Windows. Same goes for
a group we have called Staff. It works for most ppl but a person we added
yesterday is not picking those permissions up on the Windows clients.

Any thoughts?


What does the directory entry for the group look like (was the membership correctly added)?
And how about differences between entries - e.g. yours and your boss'? Do they have the same attributes and objectclasses? If other Windows authorizations of their authenticated ID work fine then this is probably not the problem.

More typical Windows ACL issues:
When you say it doesn't work on Windows clients - could the failing authorization be due to the other person's ID or a group of which they are a member being explicitly denied by another entry in the ACL?


  "Spend less!  Do more!  Go Open Source..." -- Dirigo.net
  Chris Johnson, RHCE #807000448202021

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]