[Samba] samba linux gpo
Peter Carlson
peter at howudodat.com
Fri Oct 21 16:03:14 UTC 2022
Here is some preliminary testing with samba linux gpo.
*Password and Security:*
Computer Configuration > Policies > OS Settings > Security Settings >
Account Policy
OS Settings doesn't exist
*GNOME:*
I cant find any gnome settings in RSAT
*sudo:*
GPO: Linux Sudo
All Tests performed with samba-gpupdate --force --rsop
step 1: add Domain Users as sudo, that generated gp_syvdg6p6 with Domain
Users in it
step 2: change policy to Linux Users. That generated a new gp file
gp_rjdmvvow with Linux Users (now there are 2 files)
==============================================================================================================================
CSE: gp_sudoers_ext
--------------------------------------------------------------------------------------------
Policy Type: Sudo Rights
--------------------------------------------------------------------------------------------
[ %SDCP\\Linux\x20Users ALL=(ALL) NOPASSWD: ALL ]
--------------------------------------------------------------------------------------------
step 3: change policy to Linux Test. That did nothing. gp_rjdmvvow
still contains Linux Users
GPO: Linux Sudo
==============================================================================================================================
CSE: gp_sudoers_ext
--------------------------------------------------------------------------------------------
Policy Type: Sudo Rights
--------------------------------------------------------------------------------------------
[ %SDCP\\Linux\x20Test ALL=(ALL) NOPASSWD: ALL ]
--------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------
After unlinking the policy, it no longer shows up in --rsop but there
are now 2 files
root at xrdp:/etc/sudoers.d# ls -l gp*
-rw------- 1 root root 312 Oct 21 15:42 gp_rjdmvvow
-rw------- 1 root root 313 Oct 21 15:36 gp_syvdg6p6
root at xrdp:/etc/sudoers.d# cat gp*
### autogenerated by samba
#
# This file is generated by the gp_sudoers_ext Group Policy
# Client Side Extension. To modify the contents of this file,
# modify the appropriate Group Policy objects which apply
# to this machine. DO NOT MODIFY THIS FILE DIRECTLY.
#
%SDCP\\Linux\x20Users ALL=(ALL) NOPASSWD: ALL
### autogenerated by samba
#
# This file is generated by the gp_sudoers_ext Group Policy
# Client Side Extension. To modify the contents of this file,
# modify the appropriate Group Policy objects which apply
# to this machine. DO NOT MODIFY THIS FILE DIRECTLY.
#
%SDCP\\Domain\x20Users ALL=(ALL) NOPASSWD: ALL
More information about the samba
mailing list