[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] SMB/LDAP Groups Issue

My account and my boss's account are a spot on match (including
primary/secondary group memberships).

A few minutes ago we just noticed that everything started working. My account
lost admin privs (we took it out of the group this morning) and my boss started
working. As soon as I added my account back into Domain Admins I immediately had
admin rights (seemingly ruling out some soft of propigation delay). So right now
everything appears to be working normally... but I'm unsure if the problem will

-- Jason Ingalls Ellsworth School Department IT Specialist 207-667-4722 Ext. 5529 jingalls (at) ellsworthschools.org

Quoting "Christopher K. Johnson" <ckjohnson gwi net>:

Jason Ingalls wrote:

Our newly installed SMB/LDAP server seems to be having trouble getting the group
information out to the windows clients. For instance if I add a user to the
"Domain Admins" group the user doesn't necessarily get Domain Admin rights at
the windows boxes. I am a member of that group and it works for me. However I
add the boss to that group and he doesn't pick it up on Windows. Same goes for
a group we have called Staff. It works for most ppl but a person we added
yesterday is not picking those permissions up on the Windows clients.

Any thoughts?


What does the directory entry for the group look like (was the membership correctly added)?
And how about differences between entries - e.g. yours and your boss'? Do they have the same attributes and objectclasses? If other Windows authorizations of their authenticated ID work fine then this is probably not the problem.

More typical Windows ACL issues:
When you say it doesn't work on Windows clients - could the failing authorization be due to the other person's ID or a group of which they are a member being explicitly denied by another entry in the ACL?


  "Spend less!  Do more!  Go Open Source..." -- Dirigo.net
  Chris Johnson, RHCE #807000448202021

K12OSN mailing list
K12OSN redhat com
For more info see <http://www.k12os.org>

---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]