Thanks guys for your clarification, I will find another method.
________________________________
From: Tomas Halman <thalman(a)redhat.com>
Sent: Tuesday, September 13, 2022 9:19
To: End-user discussions about the System Security Services Daemon
<sssd-users(a)lists.fedorahosted.org>
Subject: [SSSD-users] Re: Re: Re: AD refresh GPO to Ubuntu22.04
In that case Gregory is right, SSSD cares about the access control.
I thought that you were looking for this kind of functionality. Sorry for
the misunderstanding...
Tom
On Tue, Sep 13, 2022 at 6:11 AM Gregory Carter
<gjcarter2@gmail.com> wrote:
I wanted to point out exactly what sssd support is provided with regard to Active
Directory. Windows workstation/server management is not one of them and I think it is
important people understand that.
Most of the questions I get are around Windows configuration questions and due to that
confusion people think sssd magically translates Windows settings into compatible Linux
equivalents.
That is not the case.
On Mon, Sep 12, 2022 at 5:54 PM 昭翰 任
<zhaohan.ren@hotmail.com> wrote:
Thanks Tomáš & Gregory for your response.
You are right, sssd has some GPO-related settings (e.g.
ad_gpo_access_control/ad_gpo_implicit_deny/ad_gpo_cache_timeout/...), however they are
for access control, not what I want. What I want is a customized GPO setting that AD
could refresh/push to all the clients, for example:
I have an AD (winserver2012) and some clients (Win10, Ubuntu22.04), there is an ADMX policy
which defines the max DPI that could be used when printing a document, this ADMX policy
has been deployed correctly on the AD, what I expect is when I change the max DPI value on
the AD, both Win10 and Ubuntu (maybe stored somewhere on the disk?) could get the latest
max DPI I set up on AD.
However I found Win10 could get the latest DPI value, but the Linux system doesn't get
any update.
Does sssd support the scenario I described above?
BRs
________________________________
From: Gregory Carter <gjcarter2@gmail.com>
Sent: Monday, September 12, 2022 16:44
To: End-user discussions about the System Security Services Daemon
<sssd-users@lists.fedorahosted.org>
Subject: [SSSD-users] Re: AD refresh GPO to Ubuntu22.04
Excellent, so please share with the list what Windows settings I can use GPO on from my
Linux box.
On Mon, Sep 12, 2022 at 2:44 AM Tomas Halman
<thalman@redhat.com> wrote:
There actually is GPO support in SSSD.
Looking at the man page (sssd-ad), you have to use the "ad" provider and tune a few
options regarding gpo, particularly ad_gpo_access_control and ad_gpo_implicit_deny.
If it is not working for you, can you share the sssd.conf? Eventually you can increase the
SSSD debug_level and look into logs if there is something wrong with GPO evaluation.
HTH
Tomáš
On Sat, Sep 10, 2022 at 2:53 AM Gregory Carter
<gjcarter2@gmail.com> wrote:
There is no such thing as a GPO for a LINUX box.
That being said I use Puppet to do basically the same thing. (i.e. Bring LINUX, MAC,
Windows to bear on a common LDAP policy schema I created to enforce machine
configurations, authentication and security policies.)
On Fri, Sep 9, 2022 at 12:56 AM 任 昭翰
<zhaohan.ren@hotmail.com> wrote:
Hi guys
I have an Ubuntu22.04 client which joined an AD (winserver 2012) server by sssd + realm,
in the AD I have a customized GPO, is it possible that the AD refresh/push the GPO to the
Ubuntu machine? I also have a win10 client that also joined this AD, the win10 client
could receive the GPO update successfully from the AD.
_______________________________________________
sssd-users mailing list --
sssd-users@lists.fedorahosted.org<mailto:sssd-users@lists.fedorahosted.org>
To unsubscribe send an email to
sssd-users-leave@lists.fedorahosted.org<mailto:sssd-users-leave@lists.fedorahosted.org>
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
--
Tomáš Halman
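
Added example, not part of the thread and not SSSD project code: a Python check that reads an sssd.conf and reports, per domain, how the GPO options named above (ad_gpo_access_control, ad_gpo_implicit_deny) are set, since they govern login access control only. The helper name `audit_gpo`, the domain names and the sample configuration are constructed for illustration.

```python
import configparser

# Constructed sample sssd.conf; the domain names are placeholders.
SAMPLE = """\
[sssd]
domains = corp.example, lab.example

[domain/corp.example]
id_provider = ad
access_provider = ad
ad_gpo_access_control = enforcing
ad_gpo_implicit_deny = True
debug_level = 6

[domain/lab.example]
id_provider = ad
access_provider = simple
ad_gpo_access_control = permissive
"""

def audit_gpo(conf_text):
    """Return {domain: {"mode": str, "findings": [str]}} for each [domain/...] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    report = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        dom = cp[section]
        findings = []
        # GPO-based access control is part of the AD access provider.
        if dom.get("access_provider", "").lower() != "ad":
            findings.append("access_provider is not 'ad': GPO rules are not evaluated")
        mode = (dom.get("ad_gpo_access_control") or "unset").lower()
        if mode == "permissive":
            findings.append("permissive: denials are only logged, not enforced")
        elif mode == "disabled":
            findings.append("disabled: GPO rules are neither evaluated nor enforced")
        elif mode == "unset":
            findings.append("mode not set: effective default depends on the SSSD version")
        if dom.get("ad_gpo_implicit_deny", "false").lower() != "true":
            findings.append("no implicit deny: users with no applicable GPO are allowed")
        report[section.split("/", 1)[1]] = {"mode": mode, "findings": findings}
    return report

if __name__ == "__main__":
    for domain, result in audit_gpo(SAMPLE).items():
        print(domain, result["mode"], result["findings"] or "ok")
```

To check a real host, pass the contents of its sssd.conf to `audit_gpo` instead of `SAMPLE`; reading that file normally requires root.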