[Samba] GPO Filter Group/User
Carlos A. P. Cunha
carlos.hollow at gmail.com
Wed May 31 21:26:44 UTC 2017
Hello!
Thanks.
I'm trying but still unsuccessful .....
Regards
Em 30-05-2017 16:05, Sebastian Arcus via samba escreveu:
>
> On 30/05/17 15:42, Carlos A. P. Cunha via samba wrote:
>> Hello!
>>
>> My Configuration:
>>
>> lsb_release -a
>>
>> No LSB modules are available.
>> Distributor ID: Ubuntu
>> Description: Ubuntu 14.04.3 LTS
>> Release: 14.04
>> Codename: trusty
>>
>> Version Samba:
>>
>> samba-tool -V
>> 4.4.4
>>
>> My problem is, create a GPO with group Filtering, in case I want the
>> GPO to be applied only to a specific group.
>> When I do this (Filter) it does not load the GPO, only when I leave
>> the default (Authenticated User).
>> Is there something wrong with Samba or something different?
>
> I've hit this a few weeks back, and it turns out that it is the
> default behaviour in Active Directory on the Windows side as well -
> not just Samba. Essentially, if you want to do security filtering on
> GPO's, you have to add the desired group or user in the security tab,
> and then go in the Delegation tab, click on Advanced, and remove the
> "Apply" rights for Authenticated Users - but leave the "Read" right in
> place. You should not remove the "Authenticated Users" from the
> security tab (but it will disappear from there when you remove its
> "Apply" privilege).
>
> The bottom line is that the "Authenticated Users" have to stay in with
> the "Read" permission - otherwise the whole GPO doesn't work.
>
> I hope the above makes sense - as I don't have the UI in front of me,
> and I'm typing from memory.
>
More information about the samba
mailing list