[PATCHES v2] GPO support for client machine policy
David Mulder
dmulder at suse.com
Mon Dec 11 13:48:19 UTC 2017
On 12/08/2017 05:07 PM, Andrew Bartlett wrote:
> On Fri, 2017-12-08 at 14:42 -0700, David Mulder via samba-technical
> wrote:
>> These patches add Group Policy support for client machines. Adds a
>> winbind event that calls samba_gpoupdate to apply local machine
>> policies. Adds the option "winbind gpupdate" to smb.conf, which
>> determines whether group policy will be applied to the client.
>> To start off, we only have Environment Variable policies.
> Can we have a better name?
>
> perhaps "honour group policies" or "apply group policies"?
Sure, I don't care what we call it.
>
> Also, what are the risks for a machine if an Environment Variable
> policy was unexpectedly applied (to help us choose if we should have it
> on by default)?
Well, considering the environment variable may already be configured for
windows... The risk could be a PATH variable with Windows paths in it.
MS of course uses a backslash instead of forward slash, and the path
separator is a ';' instead of ':'.
/etc/profile:
#
# Samba GPO Section
# These settings are applied via GPO
#
PATH=$PATH:C:\WINDOWS\system32;C:\WINDOWS
#
# End Samba GPO Section
#
> ssh dmulder@<>
Last login: Mon Dec 11 06:44:16 2017 from <>
C:WINDOWS: command not found
> echo $PATH
/opt/alt-tools/bin:/usr/lib/mit/bin:/home/dmulder/bin:/tmp/smb/bin:/opt/alt-tools/bin:/usr/lib/mit/bin:/home/dmulder/bin:/tmp/smb/bin:/home/dmulder/bin:/usr/local/bin:/usr/bin:/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin:/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/sbin:C:WINDOWSsystem32
> which cat
/usr/bin/cat
The path still seems to work, but has some odd stuff in it. And users
will get an error every time they open a shell. I could check the PATH
environment variable on apply, and test if it looks like a windows path,
then not apply it.
>
> Thanks,
>
> Andrew Bartlett
--
David Mulder
SUSE Labs Software Engineer - Samba
dmulder at suse.com
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
More information about the samba-technical
mailing list