Loading ADMX-Files

Stefan Kania stefan at kania-online.de
Fri Feb 19 19:25:26 UTC 2021 

Hi,

I try to test uploading and using the ADMX-File for winbind-GPOs. I
followed the wiki:
https://wiki.samba.org/index.php/Group_Policy

I use he sernet-packages 4.14rc3

Uploading the ADMx-files worked. I can see the Policies in " Computer
Configuration > Policies > Administrative Templates " in GPO-manager,
but all the other policies are gone. So I can only apply the
samba-policies but not the "normal" Template-policies.
 First Question: How can I get both, the Samba-policies AND the
windows-Policies?

But i did another step:
I created two GPOs one for /etc/motd and the other for /etc/issue. Put
Yes: I liked the gpo to the OU where my Linux-members are located.

I tested with:
-----
root at addc-01:~# samba-tool gpo list LINUX-CLIENT\$
GPOs for user LINUX-CLIENT$
    linux {8CC4F70C-4C09-4D5E-AE39-FC6CEFB98D20}
--------
So GPO is ok

Into [global] of smb.conf  I added the line:
-----------
apply group policies = yes
-----------

Even restarted the Client. I expected that the content of the two files
had changed to what I wrote init the GPO.

After I logged in to the client no message was shown, so i did a
samba-gpupdate, first as "normal" user

------------
stka at linux-client:~$ samba-gpupdate
Traceback (most recent call last):
  File "/usr/sbin/samba-gpupdate", line 76, in <module>
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
  File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 254, in
__init__
    self.log = tdb.open(log_file)
PermissionError: [Errno 13] Permission denied
Error in sys.excepthook:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/apport_python_hook.py", line 153,
in apport_excepthook
    with os.fdopen(os.open(pr_filename,
FileNotFoundError: [Errno 2] No such file or directory:
'/var/crash/_usr_sbin_samba-gpupdate.1000.crash'

Original exception was:
Traceback (most recent call last):
  File "/usr/sbin/samba-gpupdate", line 76, in <module>
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
  File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 254, in
__init__
    self.log = tdb.open(log_file)
PermissionError: [Errno 13] Permission denied
Exception ignored in: <function GPOStorage.__del__ at 0x7ff4dc2e8a60>
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 286, in
__del__
    self.log.close()
AttributeError: 'GPOStorage' object has no attribute 'log'
------------

And then with sudo:
------------
stka at linux-client:~$ sudo samba-gpupdate
[sudo] Passwort für stka:
(pam_mount.c:365): pam_mount 2.16: entering auth stage
ERROR: talloc_free with references at ../../libgpo/pygpo.c:481
        reference at ../../pytalloc_util.c:164
        reference at ../../pytalloc_util.c:164
        reference at ../../pytalloc_util.c:164
        reference at ../../pytalloc_util.c:164
        reference at ../../pytalloc_util.c:164
        reference at ../../pytalloc_util.c:164
        reference at ../../pytalloc_util.c:164
        reference at ../../pytalloc_util.c:164
(pam_mount.c:133): clean system authtok=0x563b065391d0 (1073741824)
------------

And with --force
------------
stka at linux-client:~$ sudo samba-gpupdate --force
ERROR: talloc_free with references at ../../libgpo/pygpo.c:481
        reference at ../../pytalloc_util.c:164
        reference at ../../pytalloc_util.c:164
        reference at ../../pytalloc_util.c:164
        reference at ../../pytalloc_util.c:164
        reference at ../../pytalloc_util.c:164
        reference at ../../pytalloc_util.c:164
        reference at ../../pytalloc_util.c:164
        reference at ../../pytalloc_util.c:164

------------

The client is Linux-mint 20.1. with samba 4.11.6 from Ubuntu.

second question: is this a Bug or am I missed something.


-- 
Stefan Kania
Landweg 13
25693 St. Michaelisdonn


Signieren jeder E-Mail hilft Spam zu reduzieren und schützt Ihre
Privatsphäre. Ein kostenfreies Zertifikat erhalten Sie unter
https://www.dgn.de/dgncert/index.html


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3477 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20210219/fa382499/smime.bin>

More information about the samba-technical mailing list