[Samba] [External] - Re: Group Policy Settings Missing/Not Applying

Fri Jan 6 21:56:04 UTC 2023

Thank you much!! Loading the templates from the master branch fixed both of my issues (SSH policies not generating a file as well as GNOME policies in GPME). Appreciate it much
________________________________
From: samba <samba-bounces at lists.samba.org> on behalf of David Mulder via samba <samba at lists.samba.org>
Sent: Friday, January 6, 2023 9:50 AM
To: samba at lists.samba.org <samba at lists.samba.org>
Subject: [External] - Re: [Samba] Group Policy Settings Missing/Not Applying

On 1/6/23 8:11 AM, Dawson Greeley via samba wrote:
> Hi, Im attempting to apply a few group policy settings but they dont seem to be applying on the machine in question, or some settings I cannot see in the GPME.
>
>
>    1.  Settings applied to openssh dont seem to create the required config files in /etc/ssh/sshd_config.d/ for ssh to actually pick up on these changes. Is there a different location its applying these to that I can verify with? Below is an example of what im trying to set just to see if it works
>
> CSE: vgp_openssh_ext
>    -------------------------------------------------------------------------------------
>      Policy Type: VGP/Unix Settings/OpenSSH
>      -------------------------------------------------------------------------------------
>      [ PermitRootLogon ] = yes
>      -------------------------------------------------------------------------------------
>    -------------------------------------------------------------------------------------

See chapter 18 in the Group Policy book:
https://dmulder.github.io/group-policy-book/openssh.html#client-side-extension-13

It should be creating the file in /etc/ssh/sshd_config.d/, but the
contents of the cache will tell you exactly where.

Have you configured automatic refresh, or manually applied the settings?

https://dmulder.github.io/group-policy-book/policy-refresh.html

If you don't have policy refresh enabled, then you wont see the policy
applied to the machine.

>    2.  In GPME I do not see 'Computer Configuration > Policies > Administrative Templates > Samba > GNOME' when editing my policy with the default samba admx template that was loaded via 'samba-tool gpo admxload -U Administrator". Not quite sure how to go about debugging why its not there since the wiki just says that its with the default template is loaded. Does it matter that I already had windows admx templates installed then installed samba admx templates after the fact?

See the instructions on how to install the ADMX templates
(Administrative Templates):
https://dmulder.github.io/group-policy-book/install-admx.html#install-admx-samba

If you've already installed them, then you should know there is actually
a bug. GPMC doesn't read templates with a space ' ' in the name. Rename
'libgpo/admx/GNOME Settings.admx' and 'libgpo/admx/en-US/GNOME
Settings.adml' to use an underscore instead of a space. This is already
fixed in Samba master. Perhaps we should backport this?

Like this:
libgpo/admx/GNOME_Settings.admx
libgpo/admx/en-US/GNOME_Settings.adml

--
David Mulder
Labs Software Engineer, Samba
SUSE
1221 S Valley Grove Way, Suite 500
Pleasant Grove, UT 84062
(P)+1 385.208.2989
dmulder at suse.com
http://www.suse.com

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.