Hi, I've been searching on many forums to solve my issue but no luck, the GPO's
"Allow log on through Remote Desktop Services" and "Deny log on through
Remote Desktop Services" are working well on Windows clients but not on Linux.
I created a test OU where i moved my test computer in, allowed a specific user to log on
through Remote Desktop Services, results: anybody can login via ssh on my test computer.
In sssd logs we can see that its not applying GPOS to the computer:
[ad_gpo_process_gpo_done] (0x0400): no applicable gpos found after dacl filtering
(Fri Jun 2 15:52:06 2017) [sssd[be[domain.tld]]] [sysdb_gpo_get_gpo_result_object]
(0x4000): cn=gpos,cn=ad,cn=custom,cn=domain.tld,cn=sysdb
(Fri Jun 2 15:52:06 2017) [sssd[be[domain.tld]]] [sysdb_gpo_get_gpo_result_object]
(0x4000): No GPO Result object.
(Fri Jun 2 15:52:06 2017) [sssd[be[domain.tld]]] [ad_gpo_access_done] (0x0400): GPO-based
access control successful.
(Fri Jun 2 15:52:06 2017) [sssd[be[domain.tld]]] [ad_gpo_access_send] (0x0400): service
systemd-user maps to Permitted
(Fri Jun 2 15:52:06 2017) [sssd[be[domain.tld]]] [ad_gpo_access_done] (0x0400): GPO-based
access control successful.
What am i missing here? All GPOS have authenticated user default rights on it.
I attached my sssd.conf here.
Any help would be much appreciated
Regards, Mush.
Attachments:
- sssd.conf
(application/octet-stream — 2.0 KB)