[K12OSN] SMB/LDAP Groups Issue

Jason Ingalls jingalls at ellsworthschools.org
Fri Jul 15 14:21:37 UTC 2005 

My account and my boss's account are a spot on match (including
primary/secondary group memberships).

A few minutes ago we just noticed that everything started working. My account
lost admin privs (we took it out of the group this morning) and my boss 
started
working. As soon as I added my account back into Domain Admins I 
immediately had
admin rights (seemingly ruling out some soft of propigation delay). So 
right now
everything appears to be working normally... but I'm unsure if the 
problem will
reappear.


-- 
Jason Ingalls
Ellsworth School Department
IT Specialist
207-667-4722 Ext. 5529
jingalls (at) ellsworthschools.org


Quoting "Christopher K. Johnson" <ckjohnson at gwi.net>:

> Jason Ingalls wrote:
>
>> Our newly installed SMB/LDAP server seems to be having trouble 
>> getting the group
>> information out to the windows clients. For instance if I add a user to the
>> "Domain Admins" group the user doesn't necessarily get Domain Admin 
>> rights at
>> the windows boxes. I am a member of that group and it works for me. 
>> However I
>> add the boss to that group and he doesn't pick it up on Windows. 
>> Same goes for
>> a group we have called Staff. It works for most ppl but a person we added
>> yesterday is not picking those permissions up on the Windows clients.
>>
>> Any thoughts?
>>
>> Thanks,
>>
>>
> Basics:
> What does the directory entry for the group look like (was the 
> membership correctly added)?
> And how about differences between entries - e.g. yours and your 
> boss'?  Do they have the same attributes and objectclasses? If other 
> Windows authorizations of their authenticated ID work fine then this 
> is probably not the problem.
>
> More typical Windows ACL issues:
> When you say it doesn't work on Windows clients - could the failing 
> authorization be due to the other person's ID or a group of which 
> they are a member being explicitly denied by another entry in the ACL?
>
> Chris
> -- 
>
>   "Spend less!  Do more!  Go Open Source..." -- Dirigo.net
>   Chris Johnson, RHCE #807000448202021
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>



----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

More information about the K12OSN mailing list