Hello,
I have a scenario very similar to that described in the thread '[Samba] Help with Remote Desktop Users group with Samba PDC' where I have a Samba PDC + LDAP running on a Suse 10 system and a Windows Server 2008 with Terminal Services enabled.

The Windows Server 2008 client successfully joins the domain and when I'm physically connected to the machine, I can also log on with the LDAP users. The problem arises when I try to logon via RDP onto the Windows Server machine. I get an error message telling me that 'Your interactive logon privilege has been disabled. Please contact your administrator.'

I did add the Samba LDAP group (of the users that I want to give RDP access) to the 'Remote Desktop Users' group on the Windows Server machine, so the domain users DO have permission to access the Windows Server over RDP. The funny thing is that the user 'domain\root' is able to logon via RDP without any problem which leads me to think that it's a permission problem on the Samba side.

Any help greatly appreciated!

Best regards,
Patrick