[Samba] GPO Filter Group/User
Sebastian Arcus
s.arcus at open-t.co.uk
Thu Jun 1 11:05:27 UTC 2017
On 31/05/17 22:26, Carlos A. P. Cunha wrote:
> Hello!
>
> Thanks.
>
> I'm trying but still unsuccessful .....
Is this a computer or a user GPO?
>
>
> Em 30-05-2017 16:05, Sebastian Arcus via samba escreveu:
>>
>> On 30/05/17 15:42, Carlos A. P. Cunha via samba wrote:
>>> Hello!
>>>
>>> My Configuration:
>>>
>>> lsb_release -a
>>>
>>> No LSB modules are available.
>>> Distributor ID: Ubuntu
>>> Description: Ubuntu 14.04.3 LTS
>>> Release: 14.04
>>> Codename: trusty
>>>
>>> Version Samba:
>>>
>>> samba-tool -V
>>> 4.4.4
>>>
>>> My problem is, create a GPO with group Filtering, in case I want the
>>> GPO to be applied only to a specific group.
>>> When I do this (Filter) it does not load the GPO, only when I leave
>>> the default (Authenticated User).
>>> Is there something wrong with Samba or something different?
>>
>> I've hit this a few weeks back, and it turns out that it is the
>> default behaviour in Active Directory on the Windows side as well -
>> not just Samba. Essentially, if you want to do security filtering on
>> GPO's, you have to add the desired group or user in the security tab,
>> and then go in the Delegation tab, click on Advanced, and remove the
>> "Apply" rights for Authenticated Users - but leave the "Read" right in
>> place. You should not remove the "Authenticated Users" from the
>> security tab (but it will disappear from there when you remove its
>> "Apply" privilege).
>>
>> The bottom line is that the "Authenticated Users" have to stay in with
>> the "Read" permission - otherwise the whole GPO doesn't work.
>>
>> I hope the above makes sense - as I don't have the UI in front of me,
>> and I'm typing from memory.
>>
>
More information about the samba
mailing list