Closed MysteryWoMan closed 5 years ago
Did you read http://mutonufoai.github.io/pgina/documentation/plugins/local_machine.html? Have you used the sid S-1-5-32-544 for the administrators group?
2x Yes. But I removed the S-1-5-32-544 group (Administrators) from 'mandatory groups' because of the error.
I added it again now , after manually making all (pGina) users member of Administrators , and it works! So the problem is solved. But a new user (first login) will encounter the problem again.
I now discovered that everything works on first login when the 'Users' group (S-1-5-32-545) is used as Mandatory Groups instead of the Administrators group. Could it be that pGina has insufficient permissions to add members to the Administrators group, but enough to add them to the Users group?
'Always Authenticate Users' seems a temporary fix to let both new users and existing Admin-users login.
Could it be that pGina has insufficient permissions
No, running as system
The def. group, is the local user group and any user should be part of this group
your error
2019-02-19 23:20:05,951 [4344|28|ERROR] LocalAccount[chantal]: PrincipalOperationException when checking group membership for user chantal in group Administrators. This usually means that you have an unresolvable SID as a group member. I strongly recommend that you fix this problem as soon as possible by removing the SID from the group. Ignoring the exception and continuing.
is triggered here https://github.com/MutonUfoAI/pgina/blob/master/Plugins/LocalMachine/LocalAccount.cs#L282
Er is een fout (1332) opgetreden bij het inventariseren van het groepslidmaatschap. De SID van het lid is niet herleid.
ERROR_NONE_MAPPED 1332 (0x534) No mapping between account names and security IDs was done
Are you sure you've used the correct sid
That was it!
This usually means that you have an unresolvable SID as a group member.
--> There was indeed an old SID in the Administrators group (of a user that doesn't exist anymore). By removing it, everything works. The error messages literally said it! Should've paid more attention to it.
Thank you very much for the support!! You should add a donation link to your website.
I second this. Definitely add a donate option. :) — MM.
On 21 Feb 2019, at 15:00, MysteryWoMan notifications@github.com wrote:
That was it!
This usually means that you have an unresolvable SID as a group member.
--> There was indeed an old SID in the Administrators group (of a user that doesn't exist anymore). By removing it, everything works. The error messages literally said it! Should've paid more attention to it.
Thank you very much for the support!! You should add a donation link to your website.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/MutonUfoAI/pgina/issues/138#issuecomment-466031633, or mute the thread https://github.com/notifications/unsubscribe-auth/ABxcsIAdqXUsubVNUh44JBJ63ZmjIISJks5vPrSKgaJpZM4bEHE3.
Setup
pGina 3.9.9.12 Windows 10 (Pro / 64-bit / build 17134) Enabled plugins:
Local Machine (Authentication & Gateway) RADIUS Plugin (Authentication & Notification)
Situation
When a user is authenticated for the first time, pGina creates a local user that is not part of any group (not even the Users group). In my case the users are authenticated by a RADIUS server through the RADIUS plugin, but I doubt that this feature is unique to this plugin.
Problem
When I make a user member of a group ("Administrators" for example), it can no longer login. pGina displays the following output at logon-screen:
(I translated some parts because it is displayed in my local language)
Wished solution
A descriptive way on how I can add a user to a group (without disabling it to login.) OR (even better) A descriptive way on how I can configure pGina or its RADIUS plugin to give each user Administrator privileges.
Log and configuration
pGina.Service.ServiceHost_log.txt pGina.Configuration_log.txt
Generally standard configuration. Plugin order: 1 RADIUS Plugin 2 Local Machine
Thanks already!