Likewise Open Installation and Administration Guide - Purple Rage
Likewise Open Installation and Administration Guide - Purple Rage
Likewise Open Installation and Administration Guide - Purple Rage
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
4. In the GPMC, run the group policy modeling tool to pinpoint the offending policy <strong>and</strong> then modify the policy to grant the correct level of user right to<br />
the computer or user. For more information, see Group Policy Modeling.<br />
In the following screen shot, for example, the cause of the problem is that the deny-access-to-this-computer-from-the-network default domain<br />
policy contains the domain computers group.<br />
9.4.7. Fix Selective Authentication in a Trusted Domain<br />
When you turn on selective authentication for a trusted domain, <strong>Likewise</strong> can fail to look up users in the trusted domain because the machine account is<br />
not allowed to authenticate with the domain controllers in the trusted domain. Here's how to grant the machine account access to the trusted domain:<br />
1. In the domain the computer is joined to, create a global group <strong>and</strong> add the computer's machine account to the group.<br />
2. In the trusted domain, in Active Directory Users <strong>and</strong> Computers, select the Domain Controllers container <strong>and</strong> open Properties.<br />
3. On the Security tab, click Advanced, click Add, enter the global group, <strong>and</strong> then click OK.<br />
4. In the Permission Entry box, under Apply onto, select Computer objects. Under Permissions, find Allowed to Authenticate <strong>and</strong> enable it.<br />
Click OK <strong>and</strong> then click Apply in the Advanced Security Settings box.<br />
5. If you have already joined the <strong>Likewise</strong> client computer to the domain, restart the <strong>Likewise</strong> authentication service:<br />
/opt/likewise/bin/lwsm restart lsass<br />
9.5. Cache<br />
9.5.1. Clear the Authentication Cache<br />
There are certain conditions under which you might need to clear the cache so that a user's ID is recognized on a target computer.<br />
By default, the user's ID is cached for 4 hours. If you change a user's UID for a <strong>Likewise</strong> cell with <strong>Likewise</strong> Enterprise, during the 4 hours after you<br />
change the UID you must clear the cache on a target computer in the cell before the user can log on. If you do not clear the cache after changing the<br />
UID, the computer will find the old UID until the cache expires.<br />
There are three <strong>Likewise</strong> Enterprise group policies that can affect the cache time: