[Samba] GPO Filter Group/User

Carlos A. P. Cunha carlos.hollow at gmail.com
Wed May 31 21:26:44 UTC 2017



I'm trying but still unsuccessful .....


Em 30-05-2017 16:05, Sebastian Arcus via samba escreveu:
> On 30/05/17 15:42, Carlos A. P. Cunha via samba wrote:
>> Hello!
>> My Configuration:
>> lsb_release -a
>> No LSB modules are available.
>> Distributor ID: Ubuntu
>> Description:    Ubuntu 14.04.3 LTS
>> Release:        14.04
>> Codename:       trusty
>> Version Samba:
>> samba-tool -V
>> 4.4.4
>> My problem is, create a GPO with group Filtering, in case I want the 
>> GPO to be applied only to a specific group.
>> When I do this (Filter) it does not load the GPO, only when I leave 
>> the default (Authenticated User).
>> Is there something wrong with Samba or something different?
> I've hit this a few weeks back, and it turns out that it is the 
> default behaviour in Active Directory on the Windows side as well - 
> not just Samba. Essentially, if you want to do security filtering on 
> GPO's, you have to add the desired group or user in the security tab, 
> and then go in the Delegation tab, click on Advanced, and remove the 
> "Apply" rights for Authenticated Users - but leave the "Read" right in 
> place. You should not remove the "Authenticated Users" from the 
> security tab (but it will disappear from there when you remove its 
> "Apply" privilege).
> The bottom line is that the "Authenticated Users" have to stay in with 
> the "Read" permission - otherwise the whole GPO doesn't work.
> I hope the above makes sense - as I don't have the UI in front of me, 
> and I'm typing from memory.

More information about the samba mailing list