Windows not seeing all groups on specific user

igorneves · April 8, 2019, 3:15pm

Hello,

I would like some help if possible, I don’t know where to look for this errors, I check all the logs but can’t find anything.

I have user userA belonging to group B and group C, windows see both groups fine on userA. I have another user userB belonging to the same group B and C and when I do “gpresult /r” I can’t see those groups on the result.

This is on the same machine, I can’t understand why and where to look for. This only happen on Windows Clients with this specific user, if I do “id userB” on Linux machine, all groups are fine.

Thanks,
Best Regards

igorneves · April 10, 2019, 12:25pm

No one there please?

Grandjean · April 10, 2019, 12:31pm

Hm, you might want to check if the sync between OpenLDAP (which is the backend for the Webinterface and all the Linux/POSIX stuff on the server) and Samba AD (which is the backend for the Windows Clients) works.

Here is a blog article that describes the concept:

You might want to start by checking:

a) run univention-s4connector-list-rejected on your UCS Master and paste the output here
b) check with the user and group tool of RSAT if you can see the group memberships of userB
c) check the Samba AD contents on the command line on your UCS Master: univention-s4search cn="group B"