[Samba] Group Policy Settings Missing/Not Applying
David Mulder
dmulder at samba.org
Fri Jan 6 16:15:50 UTC 2023
On 1/6/23 8:50 AM, David Mulder via samba wrote:
> On 1/6/23 8:11 AM, Dawson Greeley via samba wrote:
>> Hi, Im attempting to apply a few group policy settings but they dont
>> seem to be applying on the machine in question, or some settings I
>> cannot see in the GPME.
>>
>>
>> 1. Settings applied to openssh dont seem to create the required
>> config files in /etc/ssh/sshd_config.d/ for ssh to actually pick up
>> on these changes. Is there a different location its applying these to
>> that I can verify with? Below is an example of what im trying to set
>> just to see if it works
>>
>> CSE: vgp_openssh_ext
>> -------------------------------------------------------------------------------------
>> Policy Type: VGP/Unix Settings/OpenSSH
>> -------------------------------------------------------------------------------------
>> [ PermitRootLogon ] = yes
>> -------------------------------------------------------------------------------------
>> -------------------------------------------------------------------------------------
>
> See chapter 18 in the Group Policy book:
> https://dmulder.github.io/group-policy-book/openssh.html#client-side-extension-13
>
> It should be creating the file in /etc/ssh/sshd_config.d/, but the
> contents of the cache will tell you exactly where.
>
> Have you configured automatic refresh, or manually applied the settings?
>
> https://dmulder.github.io/group-policy-book/policy-refresh.html
>
> If you don't have policy refresh enabled, then you wont see the policy
> applied to the machine.
>
>> 2. In GPME I do not see 'Computer Configuration > Policies >
>> Administrative Templates > Samba > GNOME' when editing my policy with
>> the default samba admx template that was loaded via 'samba-tool gpo
>> admxload -U Administrator". Not quite sure how to go about debugging
>> why its not there since the wiki just says that its with the default
>> template is loaded. Does it matter that I already had windows admx
>> templates installed then installed samba admx templates after the fact?
>
> See the instructions on how to install the ADMX templates
> (Administrative Templates):
> https://dmulder.github.io/group-policy-book/install-admx.html#install-admx-samba
>
> If you've already installed them, then you should know there is
> actually a bug. GPMC doesn't read templates with a space ' ' in the
> name. Rename 'libgpo/admx/GNOME Settings.admx' and
> 'libgpo/admx/en-US/GNOME Settings.adml' to use an underscore instead
> of a space. This is already fixed in Samba master. Perhaps we should
> backport this?
>
> Like this:
> libgpo/admx/GNOME_Settings.admx
> libgpo/admx/en-US/GNOME_Settings.adml
>
I just remembered there is a second bug in the GNOME admx templates.
Best if you just use the templates from Samba master, and remove any old
files from your sysvol.
--
David Mulder
Labs Software Engineer, Samba
SUSE
1221 S Valley Grove Way, Suite 500
Pleasant Grove, UT 84062
(P)+1 385.208.2989
dmulder at suse.com
http://www.suse.com
More information about the samba
mailing list