[Samba] Group Policy Settings Missing/Not Applying

David Mulder dmulder at samba.org
Fri Jan 6 15:50:04 UTC 2023 

On 1/6/23 8:11 AM, Dawson Greeley via samba wrote:
> Hi, Im attempting to apply a few group policy settings but they dont seem to be applying on the machine in question, or some settings I cannot see in the GPME.
>
>
>    1.  Settings applied to openssh dont seem to create the required config files in /etc/ssh/sshd_config.d/ for ssh to actually pick up on these changes. Is there a different location its applying these to that I can verify with? Below is an example of what im trying to set just to see if it works
>
> CSE: vgp_openssh_ext
>    -------------------------------------------------------------------------------------
>      Policy Type: VGP/Unix Settings/OpenSSH
>      -------------------------------------------------------------------------------------
>      [ PermitRootLogon ] = yes
>      -------------------------------------------------------------------------------------
>    -------------------------------------------------------------------------------------

See chapter 18 in the Group Policy book: 
https://dmulder.github.io/group-policy-book/openssh.html#client-side-extension-13

It should be creating the file in /etc/ssh/sshd_config.d/, but the 
contents of the cache will tell you exactly where.

Have you configured automatic refresh, or manually applied the settings?

https://dmulder.github.io/group-policy-book/policy-refresh.html

If you don't have policy refresh enabled, then you wont see the policy 
applied to the machine.

>    2.  In GPME I do not see 'Computer Configuration > Policies > Administrative Templates > Samba > GNOME' when editing my policy with the default samba admx template that was loaded via 'samba-tool gpo admxload -U Administrator". Not quite sure how to go about debugging why its not there since the wiki just says that its with the default template is loaded. Does it matter that I already had windows admx templates installed then installed samba admx templates after the fact?

See the instructions on how to install the ADMX templates 
(Administrative Templates): 
https://dmulder.github.io/group-policy-book/install-admx.html#install-admx-samba

If you've already installed them, then you should know there is actually 
a bug. GPMC doesn't read templates with a space ' ' in the name. Rename 
'libgpo/admx/GNOME Settings.admx' and 'libgpo/admx/en-US/GNOME 
Settings.adml' to use an underscore instead of a space. This is already 
fixed in Samba master. Perhaps we should backport this?

Like this:
libgpo/admx/GNOME_Settings.admx
libgpo/admx/en-US/GNOME_Settings.adml

-- 
David Mulder
Labs Software Engineer, Samba
SUSE
1221 S Valley Grove Way, Suite 500
Pleasant Grove, UT 84062
(P)+1 385.208.2989
dmulder at suse.com
http://www.suse.com

More information about the samba mailing list