I wanted to point out exactly what sssd support is provided with regards to
Active Directory. Windows workstation/server management is not one of them
and I think it is important people understand that.
Most of the questions I get are around Windows configuration questions and
due to that confusion people think sssd magically translates windows
setting into compatible Linux equivalents.
That is not the case.
On Mon, Sep 12, 2022 at 5:54 PM 昭翰 任 <zhaohan.ren(a)hotmail.com> wrote:
Thanks Tomáš & Gregory for your response
You are right, sssd has some GPO related
settings(e.g. ad_gpo_access_control/ad_gpo_implicit_deny/ad_gpo_cache_timeout/...),
however there are for access control, not what I want. What I want is a
customized GPO settings that AD could refresh/push to all the client side,
for example:
I have an AD(winserver2012) and some clients(Win10, Ubuntu22.04), there is
an ADMX policy which defines the max DPI that could be used when printing a
document, this ADMX policy has been deployed correctly on the AD, what I
expect is when I change the max DPI value on the AD, both Win10 and
Ubuntu(maybe stored at somewhere on the disk?) could get the latest max DPI
I setup on AD.
However I found Win10 could get the latest DPI value, but the Linux system
doesn't get any update.
Does sssd support the scenario I described above?
BRs
------------------------------
*From:* Gregory Carter <gjcarter2(a)gmail.com>
*Sent:* Monday, September 12, 2022 16:44
*To:* End-user discussions about the System Security Services Daemon <
sssd-users(a)lists.fedorahosted.org>
*Subject:* [SSSD-users] Re: AD refresh GPO to Ubuntu22.04
Excellent, so please share with the list what windows settings I can use
GPO on from my Linux box.
On Mon, Sep 12, 2022 at 2:44 AM Tomas Halman <thalman(a)redhat.com> wrote:
There actually is GPO support in SSSD.
Looking at the man page (sssd-ad), you have to use "ad" provider and tune
few options regarding gpo, particularly ad_gpo_access_control and
ad_gpo_implicit_deny.
If it is not working for you, can you share the sssd.conf? Eventually you
can increase the SSSD debug_level and look into logs if there is something
wrong with GPO evaluation.
HTH
Tomáš
On Sat, Sep 10, 2022 at 2:53 AM Gregory Carter <gjcarter2(a)gmail.com>
wrote:
There is no such thing as a GPO for a LINUX box.
That being said I use Puppet to do basically the same thing. (i.e. Bring
LINUX, MAC, Windows to bear on a common LDAP policy schema I created to
enforce machine configurations, authentication and security policies.)
On Fri, Sep 9, 2022 at 12:56 AM 任 昭翰 <zhaohan.ren(a)hotmail.com> wrote:
Hi guys
I have a Ubuntu22.04 client which joined to an AD(winserver 2012) server
by sssd + realm, in the AD I have a customized GPO, is it possible that the
AD refresh/push the GPO to the Ubuntu machine? I also have a win10 client
that also joined this AD, the win10 client could receive the GPO update
successfully from the AD.
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
--
Tomáš Halman
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue