BlueSky-Software
2006-08-03, 12:51 PM CDT
Hi All,
I just built an FC5 PDC and everything seemed to go OK. My windows 2k workstation joined the domain without problem but when I try to log on as a user I get an error
"The local policy of this system does not permit you to logon interactively"
I modified the local policy to allow “everyone” to log on locally and this seems to work but is not secure. I think the problem is in the user mapping.
The result of a
net usermap llist | sort is:-
Account Operators (S-1-5-32-548) -> -1
Administrators (S-1-5-32-544) -> -1
Backup Operators (S-1-5-32-551) -> -1
Domain Admins (S-1-5-21-1912005297-4289566140-1910883163-1001) -> root
Domain Admins (S-1-5-21-1912005297-4289566140-1910883163-512) -> -1
Domain Guests (S-1-5-21-1912005297-4289566140-1910883163-1199) -> nobody
Domain Guests (S-1-5-21-1912005297-4289566140-1910883163-514) -> -1
Domain Users (S-1-5-21-1912005297-4289566140-1910883163-1201) -> users
Domain Users (S-1-5-21-1912005297-4289566140-1910883163-513) -> -1
etc...
But the result of a
Net usermap cleanup is :-
Group Domain Admins is not mapped
Group Domain Guests is not mapped
Group Domain Users is not mapped
I think this means that the groups are not mapped so the policy refuses to let me log in as it does not see me as a user.
Anyone know how to get the mappings to work correctly, or what I'm doing wrong?
Thanks in advance
Derek
I just built an FC5 PDC and everything seemed to go OK. My windows 2k workstation joined the domain without problem but when I try to log on as a user I get an error
"The local policy of this system does not permit you to logon interactively"
I modified the local policy to allow “everyone” to log on locally and this seems to work but is not secure. I think the problem is in the user mapping.
The result of a
net usermap llist | sort is:-
Account Operators (S-1-5-32-548) -> -1
Administrators (S-1-5-32-544) -> -1
Backup Operators (S-1-5-32-551) -> -1
Domain Admins (S-1-5-21-1912005297-4289566140-1910883163-1001) -> root
Domain Admins (S-1-5-21-1912005297-4289566140-1910883163-512) -> -1
Domain Guests (S-1-5-21-1912005297-4289566140-1910883163-1199) -> nobody
Domain Guests (S-1-5-21-1912005297-4289566140-1910883163-514) -> -1
Domain Users (S-1-5-21-1912005297-4289566140-1910883163-1201) -> users
Domain Users (S-1-5-21-1912005297-4289566140-1910883163-513) -> -1
etc...
But the result of a
Net usermap cleanup is :-
Group Domain Admins is not mapped
Group Domain Guests is not mapped
Group Domain Users is not mapped
I think this means that the groups are not mapped so the policy refuses to let me log in as it does not see me as a user.
Anyone know how to get the mappings to work correctly, or what I'm doing wrong?
Thanks in advance
Derek