[Samba] smb browse and V1

David Mulder dmulder at samba.org
Fri Oct 21 15:00:42 UTC 2022

On 10/21/22 7:16 AM, Peter Carlson wrote:
> So I took a quick look at adsys.  My first impressions are:
>  1.  It is extremely ubuntu centric, but given the variety of *nix
>     that may not be a bad idea (group user policy by core distro)
>  2.  some of their features (like the one I want, user shares) require
>     a pro subscription
I recall now that this was a major complaint, where important features 
are disabled without a subscription.
>  1. they have their own set of "update / result" tools, instead of
>     using the official way
>  2. I cant figure out what their CSE is, but it doesn't appear to be
>     official
>  3. they are tied to sssd
> Then I took a look at centrify
>  1. They seem to have a very thorough admx layout (although I cant
>     seem to find the file to actually look at it)
>  2. I also cant identify their CSE
>  3. if I understand them correctly it is definitely proprietary
Yes, centrify group policy is proprietary.

> I think the best thing to do would be for me to dive into the CSE. I 
> read your blog and understand at the 10,000' level what to do, but I 
> need to get closer to the ground.  Here is my high level plan:
>  1. Get your simple sample working, unless you have another one
>     already that does any dconf integration, then I'll start with that
>       * Question: does the py script need to be in any particular
>         folder?  I see the registration, I assume I need to do that
>         step manually, it's not called by samba automatically?
The CSE doesn't need to be in a specific folder, so long as you register 
it correctly. No, registration is not automatic. Keep in mind there are 
many CSEs that ship with samba that are already enabled also. This 
process is for creating your own CSE (such as if you have a company 
specific CSE, etc). You're welcome to create your own, but please share 
with the community if you do :-)
>  1. Add a new key that just changes the gnome background by policy (I
>     already know how to do this manually)
No need, we already have gnome settings. There is a lock-down specific 
setting that lets you set any gnome policy. Or you could create your own 
simple policy based on the existing one. The source is in 
>  1. Add keys that I am interested in
>       * This gets a bit messy.  some settings are system.  system can
>         be enforced, until a local root/sudo user changes it.  I guess
>         a chron job that runs from time to time could change it back.
>       * some settings are user.  the user files can be changed, but
>         it's easy enough for a user to override it.  For some settings
>         like background that /might/ be ok, but for others that could
>         be dangerous.  The settings file(s) could be ACLd to something
>         like 640 and owned by root, bu that could break a whole host
>         of other things
>       * I'm sure you guys have given some thought to this part already.
If you set the smb.conf option `apply group policies = True` winbind 
will enforce machine policies every 90 to 120 minutes (the same default 
as Windows group policy). I don't have this for user policy yet. I've 
got this work in progress merge request to partial resolve that issue:


> Thoughts?
> Peter
> PS:  I'd like to change the subject to something more related now to 
> what this is.  Some people consider that annoying
Fine with me.

David Mulder
Labs Software Engineer, Samba
1221 S Valley Grove Way, Suite 500
Pleasant Grove, UT 84062
(P)+1 385.208.2989
dmulder at suse.com

More information about the samba mailing list