[Desktop-packages] [Bug 2059756] Re: [SRU] adsys 0.14.1
Attached debdiff for adsys 0.14.1 backport to Mantic

** Patch added: "adsys_0.14.1~23.10.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+attachment/5773212/+files/adsys_0.14.1~23.10.debdiff

--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/2059756

Title:
  [SRU] adsys 0.14.1

Status in adsys package in Ubuntu:
  Fix Released
Status in golang-1.22 package in Ubuntu:
  Fix Released
Status in adsys source package in Jammy:
  Confirmed
Status in golang-1.22 source package in Jammy:
  Confirmed

Bug description:
  [context]

  ADSys is a tool designed for administering and implementing Group Policy Objects (GPOs) from Active Directory on Linux systems. It includes a suite of services and commands that empower administrators to efficiently manage policy updates and maintain compliance with organizational business rules.

  Given that ADSys directly interfaces with Active Directory and needs to align with new business requirements in LTS releases, it has been essential to keep the package consistently updated with the latest changes of ADSys upstream source. As ADSys is a key component of our commercial offerings, our customers anticipate the availability of recently implemented features in the 22.04 release.

  Now that ADSys has a complete set of features, the request is to proceed with a one-off release of ADSys 0.14.1 to 22.04. Please note that any new features introduced in subsequent versions will be exclusively available in 24.04 and later releases.

  This version includes a comprehensive end to end automated test suite that runs ADSys against a real Active directory environment.

  Version 0.14.1 is available for 22.04 in a PPA (https://launchpad.net/~ubuntu-enterprise-desktop/+archive/ubuntu/adsys) and already used in production by customers.

  At this time of writing the number of open issues is 1 in Launchpad and 16 in GitHub including 6 enhancements. None of them have a high or critical importance.

  [references]

  LP: https://launchpad.net/ubuntu/+source/adsys
  LP Bugs: https://bugs.launchpad.net/ubuntu/+source/adsys
  GitHub: https://github.com/ubuntu/adsys/
  GH Bugs: https://github.com/ubuntu/adsys/issues
  Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/
  Initial SRU discussion: https://lists.ubuntu.com/archives/ubuntu-release/2023-June/005650.html

  [changes]

  Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog

  * New features
    * New policies:
      - Add mount / network shares policy manager
      - Add AppArmor policy manager
      - Support multiple AD backends and implement Winbind support
      - Add system proxy policy manager
      - Add certificate policy manager for machines
      - Add adsysctl policy purge command to purge applied policies
      - Full documentation
      - Full end to end automated test suite.
  * Enhancements
    * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine
    * Expose Ubuntu Pro status in the "status" command
    * Update scripts manager creation
    * List Pro policy types in service status output
    * Warn when Pro-only rules are configured
    * Use systemd via D-Bus instead of systemctl commands
    * Add placeholder notes for entry types
    * Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos
    * Rework policy application sync strategy
    * Print logs when policies are up to date
    * Update policy definitions to include dconf key for dark mode background
    * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061)
    * Allow sssd backend to work without ad_domain being set (LP: #2054445)
    * Update apport hook to include journal errors and package logs
  * Bug fixes
    * Fix policy update failing when GPT.INI contains no version key
    * Fix object lookup for users having a FQDN as their hostname
    * Support special characters in domains when parsing sssd configuration
    * Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf
    * Ensure empty state for dconf policy
    * Handle case mismatches in GPT.INI file name
    * Ensure GPO URLs contain the FQDN of the domain controller
    * Add runtime dependency on nfs-common
  * Other
    * Updates to latest versions of Go (fixing known Go vulnerabilities)
    * Updates to latest versions of the Go dependencies
    * Updates and improvements to CI and QoL
    * Migrate translation support to native approach using go-i18n + gotext and switch to upstream gotext version

  Dependencies:
    * Build-dep: golang-go (>= 2:1.22~)
    * Dependencies to backport to 22.04:
      * golang-go >= 2:1.22
      * ubuntu-proxy-manager (suggest. Required for Proxy support - feature will be disabled otherwise)
      * python3-cepces (suggest. Required for
[Desktop-packages] [Bug 2059756] Re: [SRU] adsys 0.14.1
Attached debdiff for Go 1.22 backport to Mantic

** Patch added: "golang-1.22_1.22.2-2~23.10.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+attachment/5773187/+files/golang-1.22_1.22.2-2~23.10.debdiff

Status in adsys package in Ubuntu:
  Fix Released
Status in golang-1.22 package in Ubuntu:
  Fix Released
Status in adsys source package in Jammy:
  Confirmed
Status in golang-1.22 source package in Jammy:
  Confirmed
[Desktop-packages] [Bug 2059756] Re: [SRU] adsys 0.14.1
** Patch removed: "ubuntu-proxy-manager_0.1~22.04.1.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+attachment/5761552/+files/ubuntu-proxy-manager_0.1~22.04.1.debdiff

** Patch added: "ubuntu-proxy-manager_0.1.1~22.04.1.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+attachment/5769691/+files/ubuntu-proxy-manager_0.1.1~22.04.1.debdiff

Status in adsys package in Ubuntu:
  Fix Released
Status in golang-1.22 package in Ubuntu:
  Fix Released
Status in adsys source package in Jammy:
  New
Status in golang-1.22 source package in Jammy:
  New
[Desktop-packages] [Bug 2059756] Re: [SRU] adsys 0.14.1
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/2059756

Title:
  [SRU] adsys 0.14.1

Status in adsys package in Ubuntu:
  Fix Released
Status in golang-1.22 package in Ubuntu:
  New
Status in adsys source package in Jammy:
  New
Status in golang-1.22 source package in Jammy:
  New

Bug description:
  [context]

  ADSys is a tool designed for administering and implementing Group Policy Objects (GPOs) from Active Directory on Linux systems. It includes a suite of services and commands that empower administrators to efficiently manage policy updates and maintain compliance with organizational business rules.

  Given that ADSys directly interfaces with Active Directory and needs to align with new business requirements in LTS releases, it has been essential to keep the package consistently updated with the latest changes of ADSys upstream source. As ADSys is a key component of our commercial offerings, our customers anticipate the availability of recently implemented features in the 22.04 release.

  Now that ADSys has a complete set of features, the request is to proceed with a one-off release of ADSys 0.14.1 to 22.04. Please note that any new features introduced in subsequent versions will be exclusively available in 24.04 and later releases.

  This version includes a comprehensive end to end automated test suite that runs ADSys against a real Active directory environment.

  Version 0.14.1 is available for 22.04 in a PPA (https://launchpad.net/~ubuntu-enterprise-desktop/+archive/ubuntu/adsys) and already used in production by customers.

  At this time of writing the number of open issues is 1 in Launchpad and 16 in GitHub including 6 enhancements. None of them have a high or critical importance.

  [references]

  LP: https://launchpad.net/ubuntu/+source/adsys
  LP Bugs: https://bugs.launchpad.net/ubuntu/+source/adsys
  GitHub: https://github.com/ubuntu/adsys/
  GH Bugs: https://github.com/ubuntu/adsys/issues
  Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/
  Initial SRU discussion: https://lists.ubuntu.com/archives/ubuntu-release/2023-June/005650.html

  [changes]

  Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog

  * New features
    * New policies:
      - Add mount / network shares policy manager
      - Add AppArmor policy manager
      - Support multiple AD backends and implement Winbind support
      - Add system proxy policy manager
      - Add certificate policy manager for machines
      - Add adsysctl policy purge command to purge applied policies
      - Full documentation
      - Full end to end automated test suite.
  * Enhancements
    * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine
    * Expose Ubuntu Pro status in the "status" command
    * Update scripts manager creation
    * List Pro policy types in service status output
    * Warn when Pro-only rules are configured
    * Use systemd via D-Bus instead of systemctl commands
    * Add placeholder notes for entry types
    * Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos
    * Rework policy application sync strategy
    * Print logs when policies are up to date
    * Update policy definitions to include dconf key for dark mode background
    * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061)
    * Allow sssd backend to work without ad_domain being set (LP: #2054445)
    * Update apport hook to include journal errors and package logs
  * Bug fixes
    * Fix policy update failing when GPT.INI contains no version key
    * Fix object lookup for users having a FQDN as their hostname
    * Support special characters in domains when parsing sssd configuration
    * Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf
    * Ensure empty state for dconf policy
    * Handle case mismatches in GPT.INI file name
    * Ensure GPO URLs contain the FQDN of the domain controller
    * Add runtime dependency on nfs-common
  * Other
    * Updates to latest versions of Go (fixing known Go vulnerabilities)
    * Updates to latest versions of the Go dependencies
    * Updates and improvements to CI and QoL
    * Migrate translation support to native approach using go-i18n + gotext and switch to upstream gotext version

  Dependencies:
    * Build-dep: golang-go (>= 2:1.22~)
    * Dependencies to backport to 22.04:
      * golang-go >= 2:1.22
      * ubuntu-proxy-manager (suggest. Required for Proxy support - feature will be disabled otherwise)
      * python3-cepces (suggest. Required for Certificates autoenrollment support - feature will be disabled otherwise)
      * Note: Both are currently in the new queue of 22.04 : https://launchpad.net/ubuntu/jammy/+queue?queue_state=0_text=

  [test plan]

  # Process

  Adsys follows a robust
[Desktop-packages] [Bug 2059756] Re: [SRU] adsys 0.14.1
** Patch added: "ubuntu-proxy-manager_0.1~22.04.1.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/golang-1.22/+bug/2059756/+attachment/5761552/+files/ubuntu-proxy-manager_0.1~22.04.1.debdiff

Status in adsys package in Ubuntu:
  Fix Released
Status in golang-1.22 package in Ubuntu:
  New
Status in adsys source package in Jammy:
  New
Status in golang-1.22 source package in Jammy:
  New
[Desktop-packages] [Bug 2059756] Re: [SRU] adsys 0.14.1
** Patch added: "golang-1.22_1.22.1-1~ubuntu22.04.1.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/golang-1.22/+bug/2059756/+attachment/5761550/+files/golang-1.22_1.22.1-1~ubuntu22.04.1.debdiff

Status in adsys package in Ubuntu:
  Fix Released
Status in golang-1.22 package in Ubuntu:
  New
Status in adsys source package in Jammy:
  New
Status in golang-1.22 source package in Jammy:
  New
[Desktop-packages] [Bug 2059756] Re: [SRU] adsys 0.14.1
** Also affects: golang-1.22 (Ubuntu)
   Importance: Undecided
       Status: New

Status in adsys package in Ubuntu:
  Fix Released
Status in golang-1.22 package in Ubuntu:
  New
Status in adsys source package in Jammy:
  New
Status in golang-1.22 source package in Jammy:
  New
[Desktop-packages] [Bug 2043376] Re: adsys cant fetch gpos ubuntu 22.04.3
@francisreyes internally, adsys uses /run/adsys/krb5cc/$HOST as the machine krb5 ticket (which it sources from /var/lib/sss/db/ccache_DOMAIN in a sssd setup) - so you can mimic what adsys does by exporting KRB5CCNAME to the path above before running the adsys-gpolist script.

https://bugs.launchpad.net/bugs/2043376

Title:
  adsys cant fetch gpos ubuntu 22.04.3

Status in adsys package in Ubuntu:
  Confirmed

Bug description:
  VERSIONS:
  ubuntu 22.04.3
  libsmbclient 2:4.15.13+dfsg-0ubuntu1.5
  adsysctl 0.9.2~22.04.2
  adsysd 0.9.2~22.04.2

  Hi when i try the command adsysctl update -m or --all i receive this error:

  Error from server: error while updating policy: cant get policies for "ubuntuvm": failed to retrieve the list of GPO (exited with -1): signal: killed
  Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
  Failed to connect to 'ldap://addc01.domain.com' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER
  Failed to open session: (1, 'LDAP client internal error: NT_STATUS_INVALID_PARAMETER').

  Result of adsysctl service cat -vvv

  NFO github.com/ubuntu/adsys/internal/config/config.go:73 Init() No configuration file: Config File "adsys" Not Found in "[/home/ubuntuvm /etc /usr/sbin]". We will only use the defaults, env variables or flags.
  DEBUG Connecting as [[41753:876951]]
  DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:27 StreamServerInterceptor.func1() New request /service/Cat
  DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:60 loggedServerStream.RecvMsg() Requesting with parameters:
  DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:111 Authorizer.IsAllowedFromContext() Check if grpc request peer is authorized
  DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:191 Authorizer.isAllowed() Polkit call result, authorized: true
  DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:397 (*AD).ListActiveUsers() [[41745:695267]] ListActiveUsers
  INFO github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:39 StreamServerInterceptor.func1() Error sent to client: error while updating policy: can't get policies for "ubuntuvm": failed to retrieve the list of GPO (exited with -1): signal: killed
  DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:33 StreamServerInterceptor.func1.1() Request /service/UpdatePolicy done
  INFO github.com/ubuntu/adsys/internal/grpc/interceptorschain/chainer.go:16 StreamServer.func1.1.1() New connection from client [[41768:773422]]
  DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:27 StreamServerInterceptor.func1() [[41768:773422]] New request /service/UpdatePolicy
  DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:60 loggedServerStream.RecvMsg() [[41768:773422]] Requesting with parameters: IsComputer: false, All: true, Target: , Krb5Cc:
  DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:571 (*AD).NormalizeTargetName() [[41768:773422]] NormalizeTargetName for "", type "computer"
  DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:111 Authorizer.IsAllowedFromContext() [[41768:773422]] Check if grpc request peer is authorized
  DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:150 Authorizer.isAllowed() [[41768:773422]] Authorized as being administrator
  DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:225 (*AD).GetPolicies() [[41768:773422]] GetPolicies for "ubuntuvm", type "computer"
  DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:293 (*AD).GetPolicies() [[41768:773422]] Getting gpo list with arguments: "--objectclass computer ldap://addc01.domain.com ubuntuvm"
  DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:397 (*AD).ListActiveUsers() [[41768:773422]] ListActiveUsers
  INFO github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:39 StreamServerInterceptor.func1() Error sent to client: error while updating policy: can't get policies for "ubuntuvm": failed to retrieve the list of GPO (exited with -1): signal: killed

  When I run the commands:

  export KRB5CCNAME=/var/run/adsys/krb5cc/$(hostname)
  adsysctl policy debug gpolist-script
  chmod +x adsys-gpolist
  ./adsys-gpolist --objectclass computer ldap:// $(hostname)

  adsys-gpolist script get this error:

  Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
  Failed to connect to 'ldap://addc01.domain.com' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER
  Failed to open session: (1, 'LDAP client internal error: NT_STATUS_INVALID_PARAMETER').

  and the command smbclient get this error

  smbclient --option='log level=10' ///SYSVOL/ -k -c 'get /Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI /dev/fd/1' | cat
[Desktop-packages] [Bug 2054445] [NEW] Regresion in sssd backend configuration
Public bug reported:

This is a regression from when we added support for multiple AD backends (see https://github.com/ubuntu/adsys/pull/467)

Previously adsys would use the first domain from `sssd.conf` and potentially override it if `ad_domain` is explicitly set for the domain, see:
https://github.com/ubuntu/adsys/blob/32a830f2a8204cc8b896094bad512ed619fbf6b7/internal/adsysservice/adsysservice.go#L279-L280

The current implementation raises an error if we are not able to find an `ad_domain` setting in the domain section, even if we already have a domain (`sssdDomain`):
https://github.com/ubuntu/adsys/blob/c68d2cc999d25b1cb408a9e31775a76d2af4c8c7/internal/ad/backends/sss/sss.go#L62-L65

Ideally we should set `domain` to `sssdDomain` if we cannot find a value for `ad_domain`, which will mimic the behavior previous to the refactor.

While by default joining a domain with `realm join` will set the appropriate configuration values in `sssd.conf` so this doesn't happen, this is a regression we should aim to fix.

### Steps to reproduce it

1. Join an AD domain with sssd (e.g. using `realm join`)
2. Install the latest version of adsys, run `adsysctl update -m -vv`, everything should work
3. Comment out the `ad_domain` line from `/etc/sssd/sssd.conf`
4. `adsysctl update -m -vv` now fails, and the adsysd service does not start anymore
5. (Optional) To confirm the functionality prior to the regression, re-attempt the steps above on Ubuntu 22.04 using the adsys version currently in the archive (0.9.2) -- adsys is able to correctly determine the domain even without the `ad_domain` setting.

GitHub issue: https://github.com/ubuntu/adsys/issues/910

** Affects: adsys (Ubuntu)
   Importance: Undecided
   Status: Fix Committed

https://bugs.launchpad.net/bugs/2054445

Title:
  Regresion in sssd backend configuration

Status in adsys package in Ubuntu:
  Fix Committed

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2054445/+subscriptions

--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
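The domain lookup described in this report, as an added example that is not adsys's own code: it contrasts the strict lookup that fails when `ad_domain` is missing with the fallback to the first sssd domain that the report asks for. The function names, the minimal INI parser and the sample `sssd.conf` contents are assumptions constructed for illustration.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"strings"
)

// Constructed sample configurations (not taken from a real host).
const confWithADDomain = `[sssd]
domains = example.com, other.example
services = nss, pam

[domain/example.com]
ad_domain = ad.example.com
id_provider = ad
`

const confCommentedOut = `[sssd]
domains = example.com

[domain/example.com]
# ad_domain = ad.example.com
id_provider = ad
`

// parseINI reads the subset of INI syntax used here: [section] headers,
// key = value pairs, and full-line comments starting with # or ;.
func parseINI(conf string) map[string]map[string]string {
	sections := map[string]map[string]string{}
	current := ""
	sc := bufio.NewScanner(strings.NewReader(conf))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") || strings.HasPrefix(line, ";") {
			continue
		}
		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			current = strings.TrimSpace(line[1 : len(line)-1])
			if sections[current] == nil {
				sections[current] = map[string]string{}
			}
			continue
		}
		key, value, ok := strings.Cut(line, "=")
		if !ok || current == "" {
			continue // ignore malformed lines and keys outside a section
		}
		sections[current][strings.TrimSpace(key)] = strings.TrimSpace(value)
	}
	return sections
}

// lookup returns the first domain listed in [sssd] and the ad_domain value
// (possibly empty) from the matching [domain/<name>] section.
func lookup(conf string) (sssdDomain, adDomain string, err error) {
	ini := parseINI(conf)
	first, _, _ := strings.Cut(ini["sssd"]["domains"], ",")
	sssdDomain = strings.TrimSpace(first)
	if sssdDomain == "" {
		return "", "", errors.New("no domains configured in [sssd] section")
	}
	return sssdDomain, ini["domain/"+sssdDomain]["ad_domain"], nil
}

// ResolveStrict reproduces the behaviour the report calls a regression:
// a missing ad_domain is an error even though a domain name is known.
func ResolveStrict(conf string) (string, error) {
	sssdDomain, adDomain, err := lookup(conf)
	if err != nil {
		return "", err
	}
	if adDomain == "" {
		return "", fmt.Errorf("no ad_domain set in [domain/%s]", sssdDomain)
	}
	return adDomain, nil
}

// ResolveWithFallback implements the behaviour the report asks for:
// ad_domain overrides the sssd domain when set, otherwise the sssd domain is used.
func ResolveWithFallback(conf string) (string, error) {
	sssdDomain, adDomain, err := lookup(conf)
	if err != nil {
		return "", err
	}
	if adDomain != "" {
		return adDomain, nil
	}
	return sssdDomain, nil
}

func main() {
	for name, conf := range map[string]string{"ad_domain set": confWithADDomain, "ad_domain commented out": confCommentedOut} {
		strict, strictErr := ResolveStrict(conf)
		fallback, fallbackErr := ResolveWithFallback(conf)
		fmt.Printf("%s: strict=%q (%v) fallback=%q (%v)\n", name, strict, strictErr, fallback, fallbackErr)
	}
}
```

A missing `[sssd]` `domains` entry stays an error in both variants, since there is then no domain to fall back to.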
[Desktop-packages] [Bug 2051363] Re: Cannot perform certificate auto-enroll without NDES installed
** Changed in: adsys (Ubuntu)
   Status: New => Fix Committed

https://bugs.launchpad.net/bugs/2051363

Title:
  Cannot perform certificate auto-enroll without NDES installed

Status in adsys package in Ubuntu:
  Fix Committed

Bug description:
  NDES role should not be mandatory in order to perform certificate auto-enrollment with adsys. Samba/ADSys is able to take advantage of the NDES endpoint to install the root certificate chain, but is also able to infer the certificate information from LDAP.

  Due to a bug in the Samba implementation of cert-autoenroll, the root cert is not parsed properly if the NDES component is not installed -- so in the current state attempting auto-enrollment without NDES installed will result in an error like the following:

  2024-01-08 16:11:07.809|[W26775]| Failed to fetch the root certificate chain. | {}
  2024-01-08 16:11:07.809|[W05621]| The Network Device Enrollment Service is either not installed or not configured. | {}
  2024-01-08 16:11:07.809|[W11946]| Installing the server certificate only. | {}
  Traceback (most recent call last):
    File "", line 142, in
    File "", line 89, in main
    File "", line 20, in enroll
    File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py", line 502, in __enroll
      self.apply(guid, ca, cert_enroll, ca, ldb, trust_dir,
    File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py", line 369, in apply
      data = applier_func(*args, **kwargs)
      ^
    File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py", line 274, in cert_enroll
      root_certs = getca(ca, url, trust_dir)
      ^
    File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py", line 221, in getca
      cert = load_der_x509_certificate(ca['cACertificate'],
      ^^
    File "/usr/lib/python3/dist-packages/cryptography/x509/base.py", line 528, in load_der_x509_certificate
      return rust_x509.load_der_x509_certificate(data)
      ^
  TypeError: argument 'data': 'str' object cannot be converted to 'PyBytes'
[Desktop-packages] [Bug 2051363] [NEW] Cannot perform certificate auto-enroll without NDES installed
Public bug reported:

NDES role should not be mandatory in order to perform certificate auto-enrollment with adsys. Samba/ADSys is able to take advantage of the NDES endpoint to install the root certificate chain, but is also able to infer the certificate information from LDAP.

Due to a bug in the Samba implementation of cert-autoenroll, the root cert is not parsed properly if the NDES component is not installed -- so in the current state attempting auto-enrollment without NDES installed will result in an error like the following:

2024-01-08 16:11:07.809|[W26775]| Failed to fetch the root certificate chain. | {}
2024-01-08 16:11:07.809|[W05621]| The Network Device Enrollment Service is either not installed or not configured. | {}
2024-01-08 16:11:07.809|[W11946]| Installing the server certificate only. | {}
Traceback (most recent call last):
  File "", line 142, in
  File "", line 89, in main
  File "", line 20, in enroll
  File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py", line 502, in __enroll
    self.apply(guid, ca, cert_enroll, ca, ldb, trust_dir,
  File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py", line 369, in apply
    data = applier_func(*args, **kwargs)
    ^
  File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py", line 274, in cert_enroll
    root_certs = getca(ca, url, trust_dir)
    ^
  File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py", line 221, in getca
    cert = load_der_x509_certificate(ca['cACertificate'],
    ^^
  File "/usr/lib/python3/dist-packages/cryptography/x509/base.py", line 528, in load_der_x509_certificate
    return rust_x509.load_der_x509_certificate(data)
    ^
TypeError: argument 'data': 'str' object cannot be converted to 'PyBytes'

** Affects: adsys (Ubuntu)
   Importance: Undecided
   Status: New

https://bugs.launchpad.net/bugs/2051363

Title:
  Cannot perform certificate auto-enroll without NDES installed

Status in adsys package in Ubuntu:
  New
[Desktop-packages] [Bug 2043376] Re: adsys cant fetch gpos ubuntu 22.04.3
Hey, thanks for your bug report.

Given that smbclient fails in a similar manner, this suggests that the issue is not limited to adsys but other programs interacting with AD too. Unfortunately NT_STATUS_INVALID_PARAMETER is a very common catch-all error and the root cause could be very environment-dependent.

Can you paste the output of `klist` after running the `export KRB5CCNAME...` command? Also, what Windows version are you running on the domain controller?

Additionally, to confirm, did you join the domain using the `realm join` command? It may be worth it to leave and rejoin the domain.

https://bugs.launchpad.net/bugs/2043376

Title:
  adsys cant fetch gpos ubuntu 22.04.3

Status in adsys package in Ubuntu:
  New
[Desktop-packages] [Bug 2044112] [NEW] Add dependency on nfs-common
Public bug reported:

The nfs-common package is required if NFS shares are to be mounted on the client. Unlike cifs-utils, this package is not installed by default on Ubuntu Desktop. Given that we declare the former as a dependency we should do the same with nfs-common.

** Affects: adsys (Ubuntu)
   Importance: Undecided
   Status: Fix Committed

https://bugs.launchpad.net/bugs/2044112

Title:
  Add dependency on nfs-common

Status in adsys package in Ubuntu:
  Fix Committed
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
This looks alright to me, GPOs are fetched and applied. Are you experiencing any other issues? If not I'll move forward with the fix from the PPA.

https://bugs.launchpad.net/bugs/2024377

Title:
  Adsys can't fetch GPOs

Status in adsys package in Ubuntu:
  Confirmed

Bug description:
  Bad, maybe no understandable english ahead. Can't find anything related to this on Github, Canonical Forums, Reddit or StackOverflow.

  On Ubuntu 22.04, I've followed the Wiki tutorial and verified all steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD backend, I can log with Active Directory users however when adsys is installed I can't fetch GPOs. In this version the error is:

  ERROR Error from server: error while updating policy: can't get policies for "ubuntu": can't download all gpos and assets: one or more error while fetching GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot open smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI: invalid argument

  It happens when using "adsysctl update -m" or "adsysctl update usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just "adsysctl update" too.

  I've upgrade the machine to 22.10 and the error changed to:

  ERROR Error from server: error while updating policy: can't get policies for "ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
  Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
  Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER
  Failed to open session: (1, 'LDAP client internal error: NT_STATUS_INVALID_PARAMETER').

  After upgrade to 23.04 the error persist same as the above.

  Full info 22.04 (- verbose):
  INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates /root /etc /usr/sbin]". We will only use the defaults, env variables or flags.
  DEBUG Connecting as [[2504:109556]]
  DEBUG New request /service/UpdatePolicy
  DEBUG Requesting with parameters: IsComputer: true, All: false, Target: ubuntu, Krb5Cc:
  DEBUG NormalizeTargetName for "ubuntu", type "computer"
  DEBUG Check if grpc request peer is authorized
  DEBUG Authorized as being administrator
  DEBUG GetPolicies for "ubuntu", type "computer"
  DEBUG Getting gpo list with arguments: "--objectclass computer ldap://addc01.domain.com.br ubuntu"
  DEBUG GPO "ubuntuRoot" for "ubuntu" available at "smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}"
  DEBUG Analyzing "assets"
  DEBUG Analyzing "ubuntuRoot"
  INFO No assets directory with GPT.INI file found on AD, skipping assets download
  ERROR Error from server: error while updating policy: can't get policies for "ubuntu": can't download all gpos and assets: one or more error while fetching GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot open smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI: invalid argument

  Full info 23.04 (- verbose):
  INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates /root /etc /usr/sbin]".
  DEBUG Connecting as [[58811:006019]]
  DEBUG New request /service/UpdatePolicy
  DEBUG Requesting with parameters: IsComputer: true, All: false, Target: ubuntu, Krb5Cc:
  DEBUG NormalizeTargetName for "ubuntu", type "computer"
  DEBUG Check if grpc request peer is authorized
  DEBUG Authorized as being administrator
  DEBUG GetPolicies for "ubuntu", type "computer"
  DEBUG Getting gpo list with arguments: "--objectclass computer ldap://addc01.domain.com.br ubuntu"
  ERROR Error from server: error while updating policy: can't get policies for "ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1
  Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
  Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER
  Failed to open session: (1, 'LDAP client internal error: NT_STATUS_INVALID_PARAMETER')

  Additional info:
  Domain Controller and machine are on the same subnet without firewall on any level;
  Domain Controller is a Windows Server 2019 updated to the last security version;
  Both machine and user are on the same OU with "no heritage" enabled and just one policy added to permit usern...@domain.com.br to become root;
  The info header directory is "/home/jzprates" on both logs because I've collected them using the local account using "sudo adsysctl update -m -";
  If I disable Adsys login on pam-auth-update, Ubuntu creates a homedir and enter correctly
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
Hey,

Unfortunately with Samba logs there's a lot of noise to filter out. I compared one of your runs with my (successful) run and I noticed something interesting.

We do a LDAP search to get the list of GPOs using the domain controller exposed by SSSD via D-Bus. For you the DC is autoselected as "n060adkhdc121". The list of GPOs is a list of URLs reported as "smb://domain.com/SysVol/domain.com/Policies..." which doesn't contain the DC name, only the domain name.

When we download the GPOs, libsmbclient will try to resolve a DC from the domain, in your case it appears there are a lot of DCs advertised (looking at the "Connecting to ... at port ..." prints). For some reason, the DC selected by libsmbclient is "N060ADKAZ103" instead of the DC reported by SSSD. Hence we end up with this error:

SPNEGO login failed: {Access Denied} A process has requested access to an object but has not been granted those access rights.

I've pushed another build to the PPA mentioned above, where the GPO URLs are rewritten to contain the hostname of the DC in addition to the domain which will bypass the autoselect/discovery logic of libsmbclient and reuse the server exposed by SSSD when downloading the GPO data.

You can install the package using the same steps from my previous comment. Please let me know if it works for you.

https://bugs.launchpad.net/bugs/2024377

Title:
  Adsys can't fetch GPOs

Status in adsys package in Ubuntu:
  Confirmed
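The URL rewrite described in the reply above, as an added example that is not adsys's own code: it replaces the domain name in the host part of a GPO URL with the domain controller already used for the LDAP search, and refuses URLs that point anywhere else. The function name, the rule that a short DC name is qualified with the domain, and the sample GUID are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// PinGPOURL returns gpoURL with its host set to the given domain controller,
// so the SMB download goes to the same server that answered the LDAP query
// instead of whichever DC the SMB client discovers for the domain.
func PinGPOURL(gpoURL, domain, dc string) (string, error) {
	const scheme = "smb://"
	if domain == "" || dc == "" {
		return "", errors.New("domain and domain controller must be set")
	}
	if !strings.HasPrefix(strings.ToLower(gpoURL), scheme) {
		return "", fmt.Errorf("not an smb URL: %q", gpoURL)
	}
	// Assumption: a short DC name (no dot) is qualified with the domain.
	if !strings.Contains(dc, ".") {
		dc = dc + "." + domain
	}

	host, rest, ok := strings.Cut(gpoURL[len(scheme):], "/")
	if !ok || host == "" {
		return "", fmt.Errorf("no host or share path in %q", gpoURL)
	}
	path := "/" + rest

	// Only accept policy paths under the SysVol share of this domain,
	// and reject parent-directory segments.
	wantPrefix := "/sysvol/" + strings.ToLower(domain) + "/policies/"
	if !strings.HasPrefix(strings.ToLower(path), wantPrefix) {
		return "", fmt.Errorf("path %q is not under %s", path, wantPrefix)
	}
	for _, seg := range strings.Split(path, "/") {
		if seg == ".." {
			return "", fmt.Errorf("path %q contains a parent-directory segment", path)
		}
	}

	switch {
	case strings.EqualFold(host, dc):
		// Already points at the expected DC, keep the host as written.
	case strings.EqualFold(host, domain):
		host = dc
	default:
		// Neither the domain nor the expected DC: do not silently rewrite.
		return "", fmt.Errorf("unexpected host %q (want %q or %q)", host, domain, dc)
	}
	return scheme + host + path, nil
}

func main() {
	// Constructed sample input; the GUID is a placeholder.
	const sample = "smb://domain.com/SysVol/domain.com/Policies/{00000000-0000-0000-0000-000000000000}"
	pinned, err := PinGPOURL(sample, "domain.com", "addc01.domain.com")
	fmt.Println(pinned, err)
}
```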
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
Hi,

I've prepared a version of adsys with debug logs enabled for libsmbclient, this way we can pinpoint exactly what causes the libsmbclient call inside adsys to fail.

You can install the package using the following commands:

    sudo add-apt-repository ppa:gabuscus/adsys-smbclient-debug
    sudo apt update
    sudo apt install -y adsys

After this, please run adsys once, then dump the journalctl logs to a file and attach it here (remember to redact any sensitive information):

    sudo adsysctl update -m -vv
    sudo journalctl -u adsysd -S yesterday > adsys_log.txt

Hopefully this will get us closer to the root of the issue. Also, could you please tell me what Windows Server version you are running?

Thanks!

--
You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/2024377

Title: Adsys can't fetch GPOs

Status in adsys package in Ubuntu: Confirmed

Bug description:

Bad, maybe no understandable english ahead. Can't find anything related to this on Github, Canonical Forums, Reddit or StackOverflow. On Ubuntu 22.04, I've followed the Wiki tutorial and verified all steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD backend, I can log with Active Directory users however when adsys is installed I can't fetch GPOs.

In this version the error is:

    ERROR Error from server: error while updating policy: can't get policies for "ubuntu": can't download all gpos and assets: one or more error while fetching GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot open smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI: invalid argument

It happens when using "adsysctl update -m" or "adsysctl update usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just "adsysctl update" too.
I've upgrade the machine to 22.10 and the error changed to: ERROR Error from server: error while updating policy: can't get policies for "ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1 Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to open session: (1, 'LDAP client internal error: NT_STATUS_INVALID_PARAMETER'). After upgrade to 23.04 the error persist same as the above. Full info 22.04 (- verbose): INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates /root /etc /usr/sbin]". We will only use the defaults, env variables or flags. DEBUG Connecting as [[2504:109556]] DEBUG New request /service/UpdatePolicy DEBUG Requesting with parameters: IsComputer: true, All: false, Target: ubuntu, Krb5Cc: DEBUG NormalizeTargetName for "ubuntu", type "computer" DEBUG Check if grpc request peer is authorized DEBUG Authorized as being administrator DEBUG GetPolicies for "ubuntu", type "computer" DEBUG Getting gpo list with arguments: "--objectclass computer ldap://addc01.domain.com.br ubuntu" DEBUG GPO "ubuntuRoot" for "ubuntu" available at "smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}" DEBUG Analyzing "assets" DEBUG Analyzing "ubuntuRoot" INFO No assets directory with GPT.INI file found on AD, skipping assets download ERROR Error from server: error while updating policy: can't get policies for "ubuntu": can't download all gpos and assets: one or more error while fetching GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot open smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI: invalid argument Full info 23.04 (- verbose): INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates /root /etc 
/usr/sbin]". DEBUG Connecting as [[58811:006019]] DEBUG New request /service/UpdatePolicy DEBUG Requesting with parameters: IsComputer: true, All: false, Target: ubuntu, Krb5Cc: DEBUG NormalizeTargetName for "ubuntu", type "computer" DEBUG Check if grpc request peer is authorized DEBUG Authorized as being administrator DEBUG GetPolicies for "ubuntu", type "computer" DEBUG Getting gpo list with arguments: "--objectclass computer ldap://addc01.domain.com.br ubuntu" ERROR Error from server: error while updating policy: can't get policies for "ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1 Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to open session: (1, 'LDAP client internal error: NT_STATUS_INVALID_PARAMETER') Additional info: Domain
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
Interesting - so we are able to get the list of GPOs, _and_ smbclient is able to print the contents of the GPT.INI file, but adsys still fails.

At this point I'm out of ideas, I would suggest the following:

- upgrade the system to make sure you are running the latest available versions of adsys (0.9.2~22.04.2) and libsmbclient (2:4.15.13+dfsg-0ubuntu1.5) for your OS version - confirm
- paste the output of running `sudo adsysctl update -m -vv` again

I noticed you're not the originator of the ticket and you haven't yet shared actual logs of running adsysctl - so this would be helpful in our investigation.

Thanks!
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
Thanks for getting back. Noticing a couple of things about your pasted output:

- Did you run the first set of commands in a root session? This is necessary because the user needs to be able to read the `/var/run/adsys/krb5cc/$(hostname)` file. You can confirm this by trying to `cat` the file - it shouldn't give you a Permission denied error.

- The export command looks a bit wrong, we need `KRB5CCNAME=/var/run/adsys/krb5cc/$(hostname)` since `hostname` is a shell command. You can confirm that the variable is set correctly by running klist (provided by the krb5-user package). See an example below:

    root@jammy-337515ec:~# export KRB5CCNAME=/var/run/adsys/krb5cc/jammy-337515ec
    root@jammy-337515ec:~# klist
    Ticket cache: FILE:/var/run/adsys/krb5cc/jammy-337515ec
    Default principal: JAMMY-337515EC$@DOMAIN.COM

- You ran `smbclient` with sudo - unfortunately sudo does not preserve environment variables which is why the KRB5CCNAME value defaults to `FILE:/tmp/krb5cc_0` (as seen from the second command logs). This is why I suggested running everything as root. Or, pass the -E flag to sudo in order to preserve environment variables.

If there's no file at `/var/run/adsys/krb5cc/$(hostname)`, please run `adsysctl update -m` as root and it should be created (even if the command fails).

Thanks for your patience, and let me know how this goes
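The three problems called out in the reply above about the pasted output (no root session, an export that does not expand `hostname`, and sudo dropping KRB5CCNAME) can be checked before smbclient is run at all. The following is an added example, not part of the thread or of adsys: the function names, the return codes and the `ADSYS_CC_DIR` override are assumptions made for illustration, and the values used in the demo are constructed.

```shell
#!/bin/sh
# Preflight for the manual smbclient / adsys-gpolist checks from the thread.
# Added example: function names, return codes and ADSYS_CC_DIR are assumptions.

# Directory named in the thread; overridable so the checks can be exercised
# against a scratch directory.
ADSYS_CC_DIR=${ADSYS_CC_DIR:-/var/run/adsys/krb5cc}

# ccache_file VALUE [UID]
# Print the file a KRB5CCNAME value refers to. An empty value maps to the
# FILE:/tmp/krb5cc_<uid> default that showed up in the thread's sudo run.
ccache_file() {
    ccf_value=$1
    ccf_uid=${2:-$(id -u)}
    case $ccf_value in
        '')     printf '%s\n' "/tmp/krb5cc_${ccf_uid}" ;;
        FILE:*) printf '%s\n' "${ccf_value#FILE:}" ;;
        /*)     printf '%s\n' "$ccf_value" ;;
        *)      return 1 ;;   # KEYRING:, DIR:, ... are not plain files
    esac
}

# check_ccache VALUE HOST
# Return codes:
#   0  VALUE points at a readable $ADSYS_CC_DIR/HOST
#   2  VALUE is empty (never exported, or dropped by sudo without -E)
#   3  VALUE is not $ADSYS_CC_DIR/HOST (e.g. "hostname" was not expanded)
#   4  the file does not exist yet (run `adsysctl update -m` as root first)
#   5  the file exists but cannot be read (not a root session)
check_ccache() {
    cc_value=$1
    cc_host=$2
    if [ -z "$cc_value" ]; then
        echo "KRB5CCNAME is empty; the default $(ccache_file '') would be used" >&2
        return 2
    fi
    if ! cc_path=$(ccache_file "$cc_value"); then
        echo "KRB5CCNAME=$cc_value is not a file cache" >&2
        return 3
    fi
    if [ "$cc_path" != "$ADSYS_CC_DIR/$cc_host" ]; then
        echo "expected $ADSYS_CC_DIR/$cc_host, got $cc_path" >&2
        return 3
    fi
    if [ ! -e "$cc_path" ]; then
        echo "$cc_path does not exist" >&2
        return 4
    fi
    if [ ! -r "$cc_path" ]; then
        echo "$cc_path is not readable by uid $(id -u)" >&2
        return 5
    fi
    return 0
}

# demo_case LABEL VALUE HOST: print the return code for one constructed input.
demo_case() {
    demo_rc=0
    check_ccache "$2" "$3" 2>/dev/null || demo_rc=$?
    printf '%-30s rc=%s\n' "$1" "$demo_rc"
}

# Run the checks against a scratch directory with a constructed, empty file
# standing in for the machine ticket cache.
preflight_demo() {
    demo_saved=$ADSYS_CC_DIR
    demo_dir=$(mktemp -d) || return 1
    ADSYS_CC_DIR=$demo_dir
    : > "$demo_dir/jammy-337515ec"
    demo_case "variable lost through sudo" "" jammy-337515ec
    demo_case "hostname not expanded" "$demo_dir/hostname" jammy-337515ec
    demo_case "cache not created yet" "$demo_dir/other-host" other-host
    demo_case "correct export" "FILE:$demo_dir/jammy-337515ec" jammy-337515ec
    rm -rf "$demo_dir"
    ADSYS_CC_DIR=$demo_saved
}

preflight_demo
```

In the root console the real check is `check_ccache "${KRB5CCNAME:-}" "$(hostname)"`; a non-zero code says which of the points in the reply still applies.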
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
Thanks for reaching back. Unfortunately we haven't been able to reproduce this issue and we suspect it's somehow related to the Windows environment or libsmbclient itself.

Could you try the following? In a root console, execute the following:

    export KRB5CCNAME=/var/run/adsys/krb5cc/$(hostname)
    adsysctl policy debug gpolist-script
    chmod +x adsys-gpolist
    ./adsys-gpolist --objectclass computer ldap:// $(hostname)
    smbclient --option='log level=10' ///SYSVOL/ -k -c 'get /Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI /dev/fd/1' | cat

You might need to install the smbclient package as well if it's not already installed.
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
Hello, The issues described for 22.10 and 23.04 were fixed by https://github.com/ubuntu/adsys/pull/699 and are available since adsys v0.12.0. However this is only available in Mantic which is not yet released. For the "invalid argument" issue encountered in 22.04, could you confirm the version of the installed libsmbclient library in 22.04? Thanks -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2024377 Title: Adsys can't fetch GPOs Status in adsys package in Ubuntu: Confirmed Bug description: Bad, maybe no understandable english ahead. Can't find anything related to this on Github, Canonical Forums, Reddit or StackOverflow. On Ubuntu 22.04, I've followed the Wiki tutorial and verified all steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD backend, I can log with Active Directory users however when adsys is installed I can't fetch GPOs. In this version the error is: ERROR Error from server: error while updating policy: can't get policies for "ubuntu": can't download all gpos and assets: one or more error while fetching GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot open smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI: invalid argument It happens when using "adsysctl update -m" or "adsysctl update usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just "adsysctl update" too. 
I've upgrade the machine to 22.10 and the error changed to: ERROR Error from server: error while updating policy: can't get policies for "ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1 Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to open session: (1, 'LDAP client internal error: NT_STATUS_INVALID_PARAMETER'). After upgrade to 23.04 the error persist same as the above. Full info 22.04 (- verbose): INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates /root /etc /usr/sbin]". We will only use the defaults, env variables or flags. DEBUG Connecting as [[2504:109556]] DEBUG New request /service/UpdatePolicy DEBUG Requesting with parameters: IsComputer: true, All: false, Target: ubuntu, Krb5Cc: DEBUG NormalizeTargetName for "ubuntu", type "computer" DEBUG Check if grpc request peer is authorized DEBUG Authorized as being administrator DEBUG GetPolicies for "ubuntu", type "computer" DEBUG Getting gpo list with arguments: "--objectclass computer ldap://addc01.domain.com.br ubuntu" DEBUG GPO "ubuntuRoot" for "ubuntu" available at "smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}" DEBUG Analyzing "assets" DEBUG Analyzing "ubuntuRoot" INFO No assets directory with GPT.INI file found on AD, skipping assets download ERROR Error from server: error while updating policy: can't get policies for "ubuntu": can't download all gpos and assets: one or more error while fetching GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot open smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI: invalid argument Full info 23.04 (- verbose): INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates /root /etc 
/usr/sbin]". DEBUG Connecting as [[58811:006019]] DEBUG New request /service/UpdatePolicy DEBUG Requesting with parameters: IsComputer: true, All: false, Target: ubuntu, Krb5Cc: DEBUG NormalizeTargetName for "ubuntu", type "computer" DEBUG Check if grpc request peer is authorized DEBUG Authorized as being administrator DEBUG GetPolicies for "ubuntu", type "computer" DEBUG Getting gpo list with arguments: "--objectclass computer ldap://addc01.domain.com.br ubuntu" ERROR Error from server: error while updating policy: can't get policies for "ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1 Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to open session: (1, 'LDAP client internal error: NT_STATUS_INVALID_PARAMETER') Additional info: Domain Controller and machine are on the same subnet without firewall on any level; Domain Controller is a Windows Server 2019 updated to the last security version; Both machine and user are on the same OU with "no heritage" enabled and just one policy added to permit usern...@domain.com.br to become root; The info header directory is
[Desktop-packages] [Bug 2012371] Re: [FFe] ubuntu-proxy-manager and adsys
** Description changed: Ubuntu Proxy Manager is a D-Bus mediated service that allows for managing system proxy settings via multiple backends (APT, environment variables and GSettings). We request a FFe for this new source package (ubuntu-proxy-manager). As it's a new source package the risk of it breaking existing setups is non-existent as it must be explicitly opted into by users. The package is written in Go and benefits from an extensive test suite covering over 90% of the codebase. Additionally, we would like to request a FFe for adsys where we added a Suggests dependency on ubuntu-proxy-manager. We have taken great care on the adsys part to maintain backwards compatibility and not affect users who do not install the ubuntu-proxy-manager package. + Installing the ubuntu-proxy-manager package on its own has no impact to + the system. To benefit from its functionality adsys has to be upgraded + and correctly configured. + - Relevant URLs: 1. ubuntu-proxy-manager homepage: https://github.com/ubuntu/ubuntu-proxy-manager 2. ubuntu-proxy-manager implementation in ADSys: https://github.com/ubuntu/adsys/pull/637 3. LP build of ubuntu-proxy-manager: https://launchpad.net/~gabuscus/+archive/ubuntu/ppa/+sourcepub/14562796/+listing-archive-extra 4. LP build of adsys: https://launchpad.net/~gabuscus/+archive/ubuntu/ppa/+sourcepub/14562807/+listing-archive-extra -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2012371 Title: [FFe] ubuntu-proxy-manager and adsys Status in adsys package in Ubuntu: New Bug description: Ubuntu Proxy Manager is a D-Bus mediated service that allows for managing system proxy settings via multiple backends (APT, environment variables and GSettings). We request a FFe for this new source package (ubuntu-proxy-manager). 
As it's a new source package the risk of it breaking existing setups is non-existent as it must be explicitly opted into by users. The package is written in Go and benefits from an extensive test suite covering over 90% of the codebase. Additionally, we would like to request a FFe for adsys where we added a Suggests dependency on ubuntu-proxy-manager. We have taken great care on the adsys part to maintain backwards compatibility and not affect users who do not install the ubuntu-proxy-manager package. Installing the ubuntu-proxy-manager package on its own has no impact to the system. To benefit from its functionality adsys has to be upgraded and correctly configured. - Relevant URLs: 1. ubuntu-proxy-manager homepage: https://github.com/ubuntu/ubuntu-proxy-manager 2. ubuntu-proxy-manager implementation in ADSys: https://github.com/ubuntu/adsys/pull/637 3. LP build of ubuntu-proxy-manager: https://launchpad.net/~gabuscus/+archive/ubuntu/ppa/+sourcepub/14562796/+listing-archive-extra 4. LP build of adsys: https://launchpad.net/~gabuscus/+archive/ubuntu/ppa/+sourcepub/14562807/+listing-archive-extra To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2012371/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2012371] [NEW] [FFe] ubuntu-proxy-manager and adsys
Public bug reported:

Ubuntu Proxy Manager is a D-Bus mediated service that allows for managing system proxy settings via multiple backends (APT, environment variables and GSettings).

We request a FFe for this new source package (ubuntu-proxy-manager). As it's a new source package the risk of it breaking existing setups is non-existent as it must be explicitly opted into by users. The package is written in Go and benefits from an extensive test suite covering over 90% of the codebase.

Additionally, we would like to request a FFe for adsys where we added a Suggests dependency on ubuntu-proxy-manager. We have taken great care on the adsys part to maintain backwards compatibility and not affect users who do not install the ubuntu-proxy-manager package.

- Relevant URLs:
1. ubuntu-proxy-manager homepage: https://github.com/ubuntu/ubuntu-proxy-manager
2. ubuntu-proxy-manager implementation in ADSys: https://github.com/ubuntu/adsys/pull/637
3. LP build of ubuntu-proxy-manager: https://launchpad.net/~gabuscus/+archive/ubuntu/ppa/+sourcepub/14562796/+listing-archive-extra
4. LP build of adsys: https://launchpad.net/~gabuscus/+archive/ubuntu/ppa/+sourcepub/14562807/+listing-archive-extra

** Affects: adsys (Ubuntu)
   Importance: Undecided
   Status: New
[Desktop-packages] [Bug 1982351] Re: [SRU] Backport adsys-windows binary package
Hey Timo,

Yes, as we have LP bugs for everything else that went in adsys as well:

- https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1982349
- https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1982348
- https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1982347
- https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1982345
- https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1982343
- https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1982342
- https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1982330

Let me know if I missed anything as this is my first SRU.

Thanks!

--
You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/1982351

Title: [SRU] Backport adsys-windows binary package

Status in adsys package in Ubuntu: Fix Released
Status in adsys source package in Focal: New
Status in adsys source package in Jammy: New

Bug description:

As part of our enterprise desktop offering, there is the request to backport the adsys-windows binary package to 20.04 LTS and 22.04 LTS. ADSys is our Active Directory GPO integration. It’s available starting Ubuntu 21.04.

adsys-windows contains Windows-specific files including a Windows executable (the Active Directory Watch Daemon), and XML files (ADMX/ADML) that are to be used solely on Windows. The package is provided as a safe way for Windows administrators to source the required adsys files that are needed on Windows.

[Impact]

* adsys-windows is a new binary package. Impact is thus only for people installing.
* This is an enterprise feature requested by desktop customers running LTS.

[Test Plan]

1. Install the adsys-windows package
2. Copy the adwatchd.exe executable from /usr/share/adsys/windows on a Windows machine and run it:
3. Set a path where the configuration file will be written
4. Input a list of policy scripts directories to be watched

The executable will then install itself as a Windows Service and start monitoring the given directories for changes. Whenever it notices a change it will attempt to bump the version in the GPT.INI file at the root of the watched directory. If a GPT.INI is not found, the daemon will create one.

For more information refer to the documentation at: https://github.com/ubuntu/adsys/wiki/11.-Active-Directory-Watch-Daemon

[Where problems could occur]

* As this is a separate, versioned, new package, no impact on existing installations.
* Moreover the package has no files that are used in any way on Linux. It's just data to be copied on Windows machines.
[Desktop-packages] [Bug 1982343] Re: Cannot parse policy entries with unsupported types
** Also affects: adsys (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Also affects: adsys (Ubuntu Jammy)
   Importance: Undecided
   Status: New

--
https://bugs.launchpad.net/bugs/1982343

Title: Cannot parse policy entries with unsupported types

Status in adsys package in Ubuntu: New
Status in adsys source package in Focal: New
Status in adsys source package in Jammy: New

Bug description:
[Impact]
Policies with unsupported types are currently unable to be parsed. Even if Ubuntu doesn't support these types we should still be able to parse the Microsoft ones - otherwise we are unable to apply any of the GPOs.

This is a common occurrence on Microsoft's policies like the Default Domain Policy. Even if Ubuntu supports a limited subset of types, we must still be able to parse all of them in case a Group Policy has both Ubuntu and non-Ubuntu entries.

[Test Plan]
* Attempt to apply the Default Domain Policy on a client

[Where problems could occur]
Adsys already excluded non-Ubuntu keys before applying policies, so this change has no impact other than letting all policies be parsed. If an error occurs in parsing an Ubuntu entry, it will be surfaced before policies are applied instead of at parsing time.

[Other Info]
This issue was initially reported on GitHub at https://github.com/ubuntu/adsys/issues/387
[Desktop-packages] [Bug 1982347] Re: Username is case sensitive when applying policies on login
** Also affects: adsys (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Also affects: adsys (Ubuntu Jammy)
   Importance: Undecided
   Status: New

--
https://bugs.launchpad.net/bugs/1982347

Title: Username is case sensitive when applying policies on login

Status in adsys package in Ubuntu: New
Status in adsys source package in Focal: New
Status in adsys source package in Jammy: New

Bug description:
[Impact]
When logging in (either via login or ssh) to an AD account using different case combinations, adsysd uses the specified account name instead of the lowercase one reported by getent/whoami to apply the GPOs.

I believe this comes from the pam_get_item call here:
https://github.com/ubuntu/adsys/blob/e3316e5e37970a07f09fa6df553ddac096c91255/pam/pam_adsys.c#L266

This works but has the unintended side effect of producing multiple dconf profile files for each variant of the username, and caching policies as well:

  root@ubuntu2204:~# ls /etc/dconf/profile/ | grep -i administrator
  administra...@warthogs.biz
  administra...@warthogs.biz
  administra...@warthogs.biz
  root@ubuntu2204:~# ls /var/cache/adsys/policies/ | grep -i administrator
  administra...@warthogs.biz
  administra...@warthogs.biz
  administra...@warthogs.biz

Of course this all stems from the username retrieved by PAM so there might be more unintended side-effects, the dconf one being the easiest to observe.

To ensure a unified experience, when a target name is normalized from e.g. DOMAIN\User to User@DOMAIN, it will also be lowercased.

[Test Plan]
Reproduction:
* With adsys set up, log in on the Ubuntu client using an AD account, alternating cases
* Observe multiple files created at /var/cache/adsys/policies

With the fix applied, remove *all* cached policies at /var/cache/adsys/policies and attempt to login with different case combinations of the AD account, e.g.:

  administra...@warthogs.biz
  administra...@warthogs.biz
  administra...@warthogs.biz
  administra...@warthogs.biz

As root, check the contents of /var/cache/adsys/policies - you should only see a lowercase entry: administra...@warthogs.biz

[Where problems could occur]
Target name normalization is exercised by the code that dumps policies applied for a given user, and by the code that updates or creates a policy for a given user. If this happens to cause a bug, it will render the core part of adsys unusable.

We believe this is highly unlikely given that in some cases, adsys already used the lowercase variant of the username to apply and display policies.

[Other Info]
This issue was initially reported on GitHub at https://github.com/ubuntu/adsys/issues/378
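One way to implement the normalization this report describes, as an added Go example that is not adsys code. `NormalizeTarget` and `CacheNames` are hypothetical names, the login spellings are constructed because the addresses in the report are masked, and rejecting names without a domain part is an assumption of the example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// NormalizeTarget converts DOMAIN\User and User@DOMAIN to lowercase
// user@domain. Rejecting any other shape is an assumption of this example.
func NormalizeTarget(name string) (string, error) {
	var user, domain string
	if i := strings.IndexByte(name, '\\'); i >= 0 {
		domain, user = name[:i], name[i+1:]
	} else if i := strings.LastIndexByte(name, '@'); i >= 0 {
		user, domain = name[:i], name[i+1:]
	}
	if user == "" || domain == "" {
		return "", fmt.Errorf("%q: expected DOMAIN\\User or User@DOMAIN", name)
	}
	// The result names files under /etc/dconf/profile and
	// /var/cache/adsys/policies, so it must stay a single path element.
	if strings.ContainsAny(user+domain, "/\\@\x00") {
		return "", fmt.Errorf("%q: unexpected separator in user or domain", name)
	}
	return strings.ToLower(user + "@" + domain), nil
}

// CacheNames returns the distinct per-user file names a series of logins
// produces. With normalize false it keeps the name exactly as typed, which
// is the behaviour the report describes.
func CacheNames(logins []string, normalize bool) ([]string, error) {
	seen := map[string]bool{}
	for _, l := range logins {
		name := l
		if normalize {
			var err error
			if name, err = NormalizeTarget(l); err != nil {
				return nil, err
			}
		}
		seen[name] = true
	}
	names := make([]string, 0, len(seen))
	for n := range seen {
		names = append(names, n)
	}
	sort.Strings(names)
	return names, nil
}

// Constructed login spellings for one account.
var logins = []string{
	"Administrator@example.test",
	"ADMINISTRATOR@EXAMPLE.TEST",
	`EXAMPLE.TEST\administrator`,
}

func main() {
	raw, _ := CacheNames(logins, false)
	norm, err := CacheNames(logins, true)
	fmt.Println(len(raw), "names before:", raw)
	fmt.Println(len(norm), "name after: ", norm, err)
}
```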
[Desktop-packages] [Bug 1982345] Re: Cannot parse policy entries with no data
** Also affects: adsys (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Also affects: adsys (Ubuntu Jammy)
   Importance: Undecided
   Status: New

--
https://bugs.launchpad.net/bugs/1982345

Title: Cannot parse policy entries with no data

Status in adsys package in Ubuntu: New
Status in adsys source package in Focal: New
Status in adsys source package in Jammy: New

Bug description:
[Impact]
The Default Domain Policy for Computers has a bunch of SystemCertificates keys with no data which adsys fails to parse. Here are some examples:

  Software\Policies\Microsoft\SystemCertificates\ACRS\Certificates
  Software\Policies\Microsoft\SystemCertificates\ACRS\CRLs
  Software\Policies\Microsoft\SystemCertificates\ACRS\CTLs
  Software\Policies\Microsoft\SystemCertificates\CA\Certificates
  Software\Policies\Microsoft\SystemCertificates\CA\CRLs
  Software\Policies\Microsoft\SystemCertificates\CA\CTLs
  Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
  Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs
  Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs
  Software\Policies\Microsoft\SystemCertificates\DPNGRA\Certificates

When examined with a hex editor, these look like the following:

  : 5052 6567 0100 5b00 5300 6f00 6600 PReg[.S.o.f.
  0010: 7400 7700 6100 7200 6500 5c00 5000 6f00 t.w.a.r.e.\.P.o.
  0020: 6c00 6900 6300 6900 6500 7300 5c00 4d00 l.i.c.i.e.s.\.M.
  0030: 6900 6300 7200 6f00 7300 6f00 6600 7400 i.c.r.o.s.o.f.t.
  0040: 5c00 5300 7900 7300 7400 6500 6d00 4300 \.S.y.s.t.e.m.C.
  0050: 6500 7200 7400 6900 6600 6900 6300 6100 e.r.t.i.f.i.c.a.
  0060: 7400 6500 7300 5c00 4100 4300 5200 5300 t.e.s.\.A.C.R.S.
  0070: 5c00 4300 6500 7200 7400 6900 6600 6900 \.C.e.r.t.i.f.i.
  0080: 6300 6100 7400 6500 7300 3b00 c.a.t.e.s...;...
  0090: 3b00 3b00 3b00 5d00 ;.;.;.].

The last field of the [key;value;type;size;data] stanza is entirely empty (semicolon succeeded immediately by a closing brace) whereas we expect a null character.

This is a common occurrence on Microsoft's policies like the Default Domain Policy. Even if Ubuntu does not have policy entries with no data, we must still be able to parse all of them in case a Group Policy has both Ubuntu and non-Ubuntu entries.

[Test Plan]
* Attempt to apply the Default Domain Policy for Computers on a client

[Where problems could occur]
Adsys already excluded non-Ubuntu keys before applying policies, so this change has no impact other than letting all policies be parsed. If an error occurs in parsing an Ubuntu entry, it will be surfaced before policies are applied instead of at parsing time.

[Other Info]
This issue was initially reported on GitHub at https://github.com/ubuntu/adsys/issues/384
[Desktop-packages] [Bug 1982349] Re: Manage energy profile settings
** Also affects: adsys (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Also affects: adsys (Ubuntu Jammy)
   Importance: Undecided
   Status: New

--
https://bugs.launchpad.net/bugs/1982349

Title: Manage energy profile settings

Status in adsys package in Ubuntu: New
Status in adsys source package in Focal: New
Status in adsys source package in Jammy: New

Bug description:
[Impact]
Adsys cannot currently manage GSettings power management keys, such as:

  /org/gnome/settings-daemon/plugins/power/ambient-enabled
  /org/gnome/settings-daemon/plugins/power/idle-brightness
  /org/gnome/settings-daemon/plugins/power/idle-dim
  /org/gnome/settings-daemon/plugins/power/lid-close-ac-action
  /org/gnome/settings-daemon/plugins/power/lid-close-battery-action
  /org/gnome/settings-daemon/plugins/power/lid-close-suspend-with-external-monitor
  /org/gnome/settings-daemon/plugins/power/power-button-action
  /org/gnome/settings-daemon/plugins/power/power-saver-profile-on-low-battery
  /org/gnome/settings-daemon/plugins/power/sleep-inactive-ac-timeout
  /org/gnome/settings-daemon/plugins/power/sleep-inactive-ac-type
  /org/gnome/settings-daemon/plugins/power/sleep-inactive-battery-timeout
  /org/gnome/settings-daemon/plugins/power/sleep-inactive-battery-type

[Test Plan]
* Open the Group Policy Management Editor for a configured policy
* Navigate to Computer Configuration > Administrative Templates > Ubuntu > Client management > Power Management
* Double click on the last entry: Whether to hibernate ...
* Enable it, set the value to "hibernate"
* On a client with adsys, while connected on an AD account, run sudo adsysctl update -m -vv
* Observe the logs that indicate the parsing of the dconf key:

  DEBUG Analyzing entry {Key:org/gnome/settings-daemon/plugins/power/sleep-inactive-battery-type Value:hibernate Disabled:false Meta:s Strategy: Err:}

* Observe the output of the following command (it should print 'hibernate'):
  gsettings get org.gnome.settings-daemon.plugins.power sleep-inactive-battery-type

[Where problems could occur]
This code is located in the dconf policy application manager and restricted to it. The negative impact in case of a new bug will be seen by gsettings key not being applied.

[Other Info]
This issue was initially reported on GitHub at https://github.com/ubuntu/adsys/issues/135
[Desktop-packages] [Bug 1982348] Re: Describe if a key requires an Ubuntu Pro subscription
** Also affects: adsys (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Also affects: adsys (Ubuntu Jammy)
   Importance: Undecided
   Status: New

--
https://bugs.launchpad.net/bugs/1982348

Title: Describe if a key requires an Ubuntu Pro subscription

Status in adsys package in Ubuntu: New
Status in adsys source package in Focal: New
Status in adsys source package in Jammy: New

Bug description:
[Impact]
Before applying policies, adsys checks for the existence of an Ubuntu Pro subscription. If not found, all keys with the exception of dconf keys are filtered, as they require Ubuntu Pro. Annotate the generated ADMX/ADML files with this information.

[Test Plan]
* Open the Group Policy Management Editor
* Navigate to User Configuration > Administrative Templates > Ubuntu > Session Management > User Scripts > Logoff scripts
* The description should contain the following line:
  An Ubuntu Pro subscription on the client is required to apply this policy.

[Where problems could occur]
This is a purely visual change that only impacts generated XML files.

[Other Info]
This issue was initially reported on GitHub at https://github.com/ubuntu/adsys/issues/377
[Desktop-packages] [Bug 1982330] Re: Cannot apply policies from uppercase class path like "MACHINE"
** Also affects: adsys (Ubuntu Jammy)
   Importance: Undecided
   Status: New

** Also affects: adsys (Ubuntu Focal)
   Importance: Undecided
   Status: New

--
https://bugs.launchpad.net/bugs/1982330

Title: Cannot apply policies from uppercase class path like "MACHINE"

Status in adsys package in Ubuntu: New
Status in adsys source package in Focal: New
Status in adsys source package in Jammy: New

Bug description:
[Impact]
ADSys cannot update GPOs on Jammy Jellyfish 22.04 because of misnamed folders. adsysctl expects the folders to be title cased (e.g. Machine), but they are uppercase (e.g. MACHINE). This prevents any GPOs from being applied.

This is a common occurrence with GPOs created by Microsoft, like the Default Domain Policy.

[Test Plan]
Reproduction:
* Mark the Default Domain Policy as active for the client, and set some Ubuntu policy entries.
* Restart and/or manually sync the client machine.
* Observe the log message indicating that parsing the GPO failed:
  Policy "Default Domain Policy" doesn't have any policy for class "user" open /var/cache/adsys/sysvol/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/User/Registry.pol: no such file or directory
* Observe that the Ubuntu policies were not applied.

To confirm the bug is fixed, repeat the steps above after applying the fix, and the policies should be applied.

[Where problems could occur]
* Fixing this bug will allow adsys to parse, and possibly fail when applying policies from an uppercase path, whereas before it silently ignored them. Fixes for these potential bugs have also been submitted.

[Other Info]
The issue was initially reported on GitHub: https://github.com/ubuntu/adsys/issues/346
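A case-insensitive lookup for the class directory, as an added Go example rather than the fix adsys shipped. `RegistryPol` and `resolveFold` are hypothetical names and the temporary directory stands in for a cached GPO; the example goes slightly beyond the report by refusing to guess when both `Machine` and `MACHINE` exist on a case-sensitive filesystem.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// resolveFold returns the single entry of dir whose name equals name when
// case is ignored. Only real directories (wantDir) or regular files are
// accepted, so a symlink planted under the cache is never followed.
func resolveFold(dir, name string, wantDir bool) (string, error) {
	entries, err := os.ReadDir(dir)
	if err != nil {
		return "", err
	}
	var matches []string
	for _, e := range entries {
		kindOK := e.Type().IsRegular()
		if wantDir {
			kindOK = e.IsDir()
		}
		if kindOK && strings.EqualFold(e.Name(), name) {
			matches = append(matches, e.Name())
		}
	}
	switch len(matches) {
	case 1:
		return filepath.Join(dir, matches[0]), nil
	case 0:
		return "", fmt.Errorf("%s: no entry matching %q: %w", dir, name, os.ErrNotExist)
	default:
		// Two spellings of the same class: picking one silently would make
		// the applied policy depend on directory listing order.
		return "", fmt.Errorf("%s: %q is ambiguous: %v", dir, name, matches)
	}
}

// RegistryPol locates <gpoRoot>/<class>/Registry.pol whatever case the
// server used for the class directory or the file name.
func RegistryPol(gpoRoot, class string) (string, error) {
	classDir, err := resolveFold(gpoRoot, class, true)
	if err != nil {
		return "", err
	}
	return resolveFold(classDir, "Registry.pol", false)
}

func main() {
	// Constructed layout: an uppercase MACHINE directory and no User one.
	root, err := os.MkdirTemp("", "gpo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	if err := os.MkdirAll(filepath.Join(root, "MACHINE"), 0o700); err != nil {
		panic(err)
	}
	if err := os.WriteFile(filepath.Join(root, "MACHINE", "Registry.pol"), nil, 0o600); err != nil {
		panic(err)
	}
	fmt.Println(RegistryPol(root, "Machine"))
	fmt.Println(RegistryPol(root, "User"))
}
```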
[Desktop-packages] [Bug 1982342] Re: Cannot parse policies with empty values
** Also affects: adsys (Ubuntu Jammy)
   Importance: Undecided
   Status: New

** Also affects: adsys (Ubuntu Focal)
   Importance: Undecided
   Status: New

--
https://bugs.launchpad.net/bugs/1982342

Title: Cannot parse policies with empty values

Status in adsys package in Ubuntu: New
Status in adsys source package in Focal: New
Status in adsys source package in Jammy: New

Bug description:
[Impact]
In addition to empty data, some Microsoft policy entries happen to have empty values as well. See the following entry:

  // [key;value;type;size;data]
  : 5052 6567 0100 5b00 5300 6f00 6600 PReg[.S.o.f.
  0010: 7400 7700 6100 7200 6500 5c00 5000 6f00 t.w.a.r.e.\.P.o.
  0020: 6c00 6900 6300 6900 6500 7300 5c00 4d00 l.i.c.i.e.s.\.M.
  0030: 6900 6300 7200 6f00 7300 6f00 6600 7400 i.c.r.o.s.o.f.t.
  0040: 5c00 5300 7900 7300 7400 6500 6d00 4300 \.S.y.s.t.e.m.C.
  0050: 6500 7200 7400 6900 6600 6900 6300 6100 e.r.t.i.f.i.c.a.
  0060: 7400 6500 7300 5c00 4100 4300 5200 5300 t.e.s.\.A.C.R.S.
  0070: 5c00 4300 6500 7200 7400 6900 6600 6900 \.C.e.r.t.i.f.i.
  0080: 6300 6100 7400 6500 7300 3b00 c.a.t.e.s...;...
  0090: 3b00 3b00 3b00 5d00 ;.;.;.].

This fails hard when parsing, returning an `empty value` error, rendering the remaining policies unparsable.

This is a common occurrence on Microsoft's policies like the Default Domain Policy. Even if Ubuntu does not support policy entries with empty values, we must still be able to parse them in case a Group Policy has both Ubuntu and non-Ubuntu entries.

[Test Plan]
* Attempt to apply the Default Domain Policy on a client

[Where problems could occur]
Adsys already excluded non-Ubuntu keys before applying policies, so this change has no impact other than letting all policies be parsed. If an error occurs in parsing an Ubuntu entry, it will be surfaced before policies are applied instead of at parsing time.

[Other Info]
This issue was initially reported on GitHub at https://github.com/ubuntu/adsys/issues/386
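The stanza layout from this report and from bug 1982345, as an added Go example that is not adsys's parser: it reads each `[key;value;type;size;data]` field by its own framing (UTF-16LE strings, 4-byte little-endian type and size), so an empty value and zero-length data parse cleanly and the entries after them are still reached. `Parse`, `Entry` and `Sample` are hypothetical names, and the second sample entry is made up.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"unicode/utf16"
)

// Entry is one [key;value;type;size;data] stanza of a Registry.pol file.
type Entry struct {
	Key, Value string
	Type       uint32
	Data       []byte
}

var header = []byte{'P', 'R', 'e', 'g', 1, 0, 0, 0} // signature, version 1

// reader walks the buffer and keeps the first error it hits.
type reader struct {
	b   []byte
	pos int
	err error
}

// take returns the next n bytes and refuses to read past the buffer.
func (r *reader) take(n int) (s []byte) {
	if r.err == nil && (n < 0 || n > len(r.b)-r.pos) {
		r.err = fmt.Errorf("offset %d: truncated, need %d bytes", r.pos, n)
	}
	if r.err == nil {
		s, r.pos = r.b[r.pos:r.pos+n], r.pos+n
	}
	return s
}

// le reads an n-byte little-endian integer, or 0 once an error is recorded.
func (r *reader) le(n int) (v uint32) {
	s := r.take(n)
	for i := len(s) - 1; i >= 0; i-- {
		v = v<<8 | uint32(s[i])
	}
	return v
}

// str reads a NUL-terminated UTF-16LE string; a lone terminator yields "".
func (r *reader) str() string {
	var units []uint16
	for u := r.le(2); u != 0; u = r.le(2) {
		units = append(units, uint16(u))
	}
	return string(utf16.Decode(units))
}

// expect consumes one UTF-16LE delimiter such as '[' or ';'.
func (r *reader) expect(c uint32) {
	if u := r.le(2); r.err == nil && u != c {
		r.err = fmt.Errorf("offset %d: expected %q, found %q", r.pos-2, rune(c), rune(u))
	}
}

// Parse decodes every stanza; empty values and zero-length data are valid.
func Parse(b []byte) (entries []Entry, err error) {
	if !bytes.HasPrefix(b, header) {
		return nil, errors.New("missing PReg version 1 header")
	}
	r := &reader{b: b, pos: len(header)}
	for r.pos < len(b) {
		var e Entry
		r.expect('[')
		e.Key = r.str()
		r.expect(';')
		e.Value = r.str() // may be empty: only the terminator is present
		r.expect(';')
		e.Type = r.le(4)
		r.expect(';')
		size := r.le(4) // untrusted length, bounds-checked by take
		r.expect(';')
		e.Data = r.take(int(size)) // size 0: ']' follows ';' directly
		r.expect(']')
		if r.err != nil {
			return nil, r.err
		}
		entries = append(entries, e)
	}
	return entries, nil
}

// Sample is constructed input: the empty stanza from the reports, then a
// made-up entry. Each 4-byte type or size field is spelled as two UTF-16 units.
func Sample() []byte {
	s := "[Software\\Policies\\Microsoft\\SystemCertificates\\ACRS\\Certificates" +
		"\x00;\x00;\x00\x00;\x00\x00;]" + // value "", type 0, size 0, no data
		"[Software\\Policies\\Example\\Key\x00;setting\x00;\x01\x00;\x06\x00;on\x00]"
	b := append([]byte{}, header...)
	for _, c := range utf16.Encode([]rune(s)) {
		b = append(b, byte(c), byte(c>>8))
	}
	return b
}

func main() { fmt.Println(Parse(Sample())) }
```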
[Desktop-packages] [Bug 1982347] Re: Username is case sensitive when applying policies on login
** Description changed: [Impact] When logging in (either via login or ssh) to an AD account using different case combinations, adsysd uses the specified account name instead of the lowercase one reported by getent/whoami to apply the GPOs. I believe this comes from the pam_get_item call here: https://github.com/ubuntu/adsys/blob/e3316e5e37970a07f09fa6df553ddac096c91255/pam/pam_adsys.c#L266 This works but has the unintended side effect of producing multiple dconf profile files for each variant of the username, and caching policies as well: root@ubuntu2204:~# ls /etc/dconf/profile/ | grep -i administrator administra...@warthogs.biz administra...@warthogs.biz administra...@warthogs.biz root@ubuntu2204:~# ls /var/cache/adsys/policies/ | grep -i administrator administra...@warthogs.biz administra...@warthogs.biz administra...@warthogs.biz Of course this all stems from the username retrieved by PAM so there might be more unintended side-effects, the dconf one being the easiest to observe. To ensure an unified experience, when a target name is normalized from e.g. DOMAIN\User to User@DOMAIN, it will also be lowercased. 
[Test Plan] - * Enable a dconf policy on the AD controller - * Log in with an AD account, alternating cases - * Observe multiple files created at /etc/dconf/profile and /var/cache/adsys/policies + Reproduction: + * With adsys set up, log in on the Ubuntu client using an AD account, alternating cases + * Observe multiple files created at /var/cache/adsys/policies + + With the fix applied, remove *all* cached policies at + /var/cache/adsys/policies and attempt to login with different case + combinations of the AD account, e.g.: + + administra...@warthogs.biz + administra...@warthogs.biz + administra...@warthogs.biz + administra...@warthogs.biz + + As root, check the contents of /var/cache/adsys/policies - you should + only see a lowercase entry: administra...@warthogs.biz + [Where problems could occur] - After login succeeds, an AD username is _always_ reported as lowercase - by the system, so there are no suspected side-effects of this change. + Target name normalization is exercised by the code that dumps policies + applied for a given user, and by the code that updates or creates a + policy for a given user. If this happens to cause a bug, it will render + the core part of adsys unusable. + + We believe this is highly unlikely given that in some cases, adsys + already used the lowercase variant of the username to apply and display + policies. [Other Info] This issue was initially reported on GitHub at https://github.com/ubuntu/adsys/issues/378 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1982347 Title: Username is case sensitive when applying policies on login Status in adsys package in Ubuntu: New
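Review bot: the rewritten [Test Plan] only inspects /var/cache/adsys/policies, while the removed step also covered /etc/dconf/profile and [Impact] still calls the dconf profiles the easiest side effect to observe. Keep the /etc/dconf/profile listing in both the reproduction and the verification step, and have the tester clear that directory together with the cached policies, so the plan confirms that lowercasing removes both kinds of duplicate.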
[Desktop-packages] [Bug 1982351] Re: [SRU] Backport adsys-windows binary package
** Description changed: As part of our entreprise desktop offering, there is the request to backport the adsys-windows binary package to 20.04 LTS and 22.04 LTS. ADSys is our Active Directory GPO integration. It’s available starting Ubuntu 21.04. adsys-windows contains Windows-specific files including a Windows executable (the Active Directory Watch Daemon), and XML files (ADMX/ADML) that are to be used solely on Windows. The package is provided as a safe way for Windows administrators to source the required adsys files that are needed on Windows. [Impact] * adsys-windows is a new binary package. Impact is thus only for people installing. - * This is a entreprise feature requested by desktop customers running LTS. + * This is a enterprise feature requested by desktop customers running LTS. [Test Plan] 1. Install the adsys-windows package - 2. Copy the adwatchd.exe executable on a Windows machine and run it: + 2. Copy the adwatchd.exe executable from /usr/share/adsys/windows on a Windows machine and run it: 3. Set a path where the configuration file will be written 4. Input a list of policy scripts directories to be watched The executable will then install itself as a Windows Service and start monitoring the given directories for changes. Whenever it notices a change it will attempt to bump the version in the GPT.INI file at the root of the watched directory. If a GPT.INI is not found, the daemon will create one. For more information refer to the documentation at: https://github.com/ubuntu/adsys/wiki/11.-Active-Directory-Watch-Daemon [Where problems could occur] * As this is a separate, versioned, new package, no impact on existing installations. * Moreover the package has no files that are used in any way on Linux. It's just data to be copied on Windows machines. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. 
https://bugs.launchpad.net/bugs/1982351 Title: [SRU] Backport adsys-windows binary package Status in adsys package in Ubuntu: New
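Review bot: the [Test Plan] stops at step 4 with no pass criterion, and the reworded step 2 still ends in a colon as if steps 3 and 4 were its sub-steps. Add a final step that changes a file in a watched directory and checks that the version in the GPT.INI at the root of that directory was bumped (or the file created), since that is the behaviour the description promises; the replaced bullet also still reads "a enterprise" where "an enterprise" is meant.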
[Desktop-packages] [Bug 1982349] Re: Manage energy profile settings
** Description changed: [Impact] Adsys cannot currently manage GSettings power management keys, such as: /org/gnome/settings-daemon/plugins/power/ambient-enabled /org/gnome/settings-daemon/plugins/power/idle-brightness /org/gnome/settings-daemon/plugins/power/idle-dim /org/gnome/settings-daemon/plugins/power/lid-close-ac-action /org/gnome/settings-daemon/plugins/power/lid-close-battery-action /org/gnome/settings-daemon/plugins/power/lid-close-suspend-with-external-monitor /org/gnome/settings-daemon/plugins/power/power-button-action /org/gnome/settings-daemon/plugins/power/power-saver-profile-on-low-battery /org/gnome/settings-daemon/plugins/power/sleep-inactive-ac-timeout /org/gnome/settings-daemon/plugins/power/sleep-inactive-ac-type /org/gnome/settings-daemon/plugins/power/sleep-inactive-battery-timeout /org/gnome/settings-daemon/plugins/power/sleep-inactive-battery-type [Test Plan] - * Open the Group Policy Management Editor + * Open the Group Policy Management Editor for a configured policy * Navigate to Computer Configuration > Administrative Templates > Ubuntu > Client management > Power Management - * Activate any of the entries + * Double click on the last entry: Whether to hibernate ... + * Enable it, set the value to "hibernate" + * On a client with adsys, while connected on an AD account, run sudo adsysctl update -m -vv + * Observe the logs that indicate the parsing of the dconf key: + + DEBUG Analyzing entry {Key:org/gnome/settings-daemon/plugins/power/sleep-inactive-battery-type Value:hibernate Disabled:false Meta:s Strategy: Err:} + * Observe the output of the following command (it should print 'hibernate'): gsettings get org.gnome.settings-daemon.plugins.power sleep-inactive-battery-type [Where problems could occur] - This feature is additive and only impacts generated files that are used - solely on Windows. + This code is located in the dconf policy application manager and + restricted to it. 
The negative impact in case of a new bug will be seen + by gsettings key not being applied. [Other Info] This issue was initially reported on GitHub at https://github.com/ubuntu/adsys/issues/135 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1982349 Title: Manage energy profile settings Status in adsys package in Ubuntu: New
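Review bot: the expanded [Test Plan] verifies a single key, sleep-inactive-battery-type, whose logged entry carries Meta:s, while [Impact] lists twelve power keys that include timeouts and switches such as sleep-inactive-ac-timeout and ambient-enabled. Add one of those to the plan with its own gsettings get check so the verification covers a value that is not a plain string, and state which log line from sudo adsysctl update -m -vv would indicate a failure.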
[Desktop-packages] [Bug 1982351] Re: [SRU] Backport adsys-windows binary package
** Description changed: As part of our entreprise desktop offering, there is the request to backport the adsys-windows binary package to 20.04 LTS and 22.04 LTS. ADSys is our Active Directory GPO integration. It’s available starting Ubuntu 21.04. adsys-windows contains Windows-specific files including a Windows executable (the Active Directory Watch Daemon), and XML files (ADMX/ADML) that are to be used solely on Windows. The package is provided as a safe way for Windows administrators to source the required adsys files that are needed on Windows. [Impact] - * adsys-windows is a new binary package. Impact is thus only for people installing. - * This is a entreprise feature requested by desktop customers running LTS. + * adsys-windows is a new binary package. Impact is thus only for people installing. + * This is a entreprise feature requested by desktop customers running LTS. [Test Plan] - Copy the adwatchd.exe executable on a Windows machine and run it: - 1. set a path where the configuration file will be written - 2. input a list of scripts directories to be watched + 1. Install the adsys-windows package + 2. Copy the adwatchd.exe executable on a Windows machine and run it: + 3. Set a path where the configuration file will be written + 4. Input a list of policy scripts directories to be watched The executable will then install itself as a Windows Service and start monitoring the given directories for changes. Whenever it notices a change it will attempt to bump the version in the GPT.INI file at the - root of the watched directory. + root of the watched directory. If a GPT.INI is not found, the daemon + will create one. For more information refer to the documentation at: https://github.com/ubuntu/adsys/wiki/11.-Active-Directory-Watch-Daemon [Where problems could occur] * As this is a separate, versioned, new package, no impact on existing installations. * Moreover the package has no files that are used in any way on Linux. 
It's just data to be copied on Windows machines.

--
https://bugs.launchpad.net/bugs/1982351

Title: [SRU] Backport adsys-windows binary package

Status in adsys package in Ubuntu: New

Bug description:

As part of our enterprise desktop offering, there is the request to backport the adsys-windows binary package to 20.04 LTS and 22.04 LTS.

ADSys is our Active Directory GPO integration. It’s available starting Ubuntu 21.04.

adsys-windows contains Windows-specific files including a Windows executable (the Active Directory Watch Daemon), and XML files (ADMX/ADML) that are to be used solely on Windows. The package is provided as a safe way for Windows administrators to source the required adsys files that are needed on Windows.

[Impact]
* adsys-windows is a new binary package. Impact is thus only for people installing.
* This is an enterprise feature requested by desktop customers running LTS.

[Test Plan]
1. Install the adsys-windows package
2. Copy the adwatchd.exe executable on a Windows machine and run it:
3. Set a path where the configuration file will be written
4. Input a list of policy scripts directories to be watched

The executable will then install itself as a Windows Service and start monitoring the given directories for changes. Whenever it notices a change it will attempt to bump the version in the GPT.INI file at the root of the watched directory. If a GPT.INI is not found, the daemon will create one.

For more information refer to the documentation at:
https://github.com/ubuntu/adsys/wiki/11.-Active-Directory-Watch-Daemon

[Where problems could occur]
* As this is a separate, versioned, new package, no impact on existing installations.
* Moreover the package has no files that are used in any way on Linux. It's just data to be copied on Windows machines.
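Review bot: in the new [Test Plan], step 2 still ends with a colon ("run it:") while the two prompts it introduces are now numbered 3 and 4 as if they were independent steps; nest them under step 2 or reword it so the sequence reads install, copy and run, answer the prompts. The plan also stops at a description of what the daemon does: since the change adds that a missing GPT.INI is created, add a closing step that edits a file in a watched directory and checks that the version in GPT.INI was bumped or the file was created.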
[Desktop-packages] [Bug 1982351] [NEW] [SRU] Backport adsys-windows binary package
Public bug reported:

As part of our enterprise desktop offering, there is the request to backport the adsys-windows binary package to 20.04 LTS and 22.04 LTS.

ADSys is our Active Directory GPO integration. It’s available starting Ubuntu 21.04.

adsys-windows contains Windows-specific files including a Windows executable (the Active Directory Watch Daemon), and XML files (ADMX/ADML) that are to be used solely on Windows. The package is provided as a safe way for Windows administrators to source the required adsys files that are needed on Windows.

[Impact]
* adsys-windows is a new binary package. Impact is thus only for people installing.
* This is an enterprise feature requested by desktop customers running LTS.

[Test Plan]
Copy the adwatchd.exe executable on a Windows machine and run it:
1. set a path where the configuration file will be written
2. input a list of scripts directories to be watched

The executable will then install itself as a Windows Service and start monitoring the given directories for changes. Whenever it notices a change it will attempt to bump the version in the GPT.INI file at the root of the watched directory.

For more information refer to the documentation at:
https://github.com/ubuntu/adsys/wiki/11.-Active-Directory-Watch-Daemon

[Where problems could occur]
* As this is a separate, versioned, new package, no impact on existing installations.
* Moreover the package has no files that are used in any way on Linux. It's just data to be copied on Windows machines.

** Affects: adsys (Ubuntu)
     Importance: Undecided
         Status: New

--
https://bugs.launchpad.net/bugs/1982351

Title: [SRU] Backport adsys-windows binary package

Status in adsys package in Ubuntu: New
[Desktop-packages] [Bug 1982349] [NEW] Manage energy profile settings
Public bug reported:

[Impact]
Adsys cannot currently manage GSettings power management keys, such as:
/org/gnome/settings-daemon/plugins/power/ambient-enabled
/org/gnome/settings-daemon/plugins/power/idle-brightness
/org/gnome/settings-daemon/plugins/power/idle-dim
/org/gnome/settings-daemon/plugins/power/lid-close-ac-action
/org/gnome/settings-daemon/plugins/power/lid-close-battery-action
/org/gnome/settings-daemon/plugins/power/lid-close-suspend-with-external-monitor
/org/gnome/settings-daemon/plugins/power/power-button-action
/org/gnome/settings-daemon/plugins/power/power-saver-profile-on-low-battery
/org/gnome/settings-daemon/plugins/power/sleep-inactive-ac-timeout
/org/gnome/settings-daemon/plugins/power/sleep-inactive-ac-type
/org/gnome/settings-daemon/plugins/power/sleep-inactive-battery-timeout
/org/gnome/settings-daemon/plugins/power/sleep-inactive-battery-type

[Test Plan]
* Open the Group Policy Management Editor
* Navigate to Computer Configuration > Administrative Templates > Ubuntu > Client management > Power Management
* Activate any of the entries

[Where problems could occur]
This feature is additive and only impacts generated files that are used solely on Windows.

[Other Info]
This issue was initially reported on GitHub at https://github.com/ubuntu/adsys/issues/135

** Affects: adsys (Ubuntu)
     Importance: Undecided
         Status: New

--
https://bugs.launchpad.net/bugs/1982349

Title: Manage energy profile settings

Status in adsys package in Ubuntu: New
[Desktop-packages] [Bug 1982348] [NEW] Describe if a key requires an Ubuntu Pro subscription
Public bug reported:

[Impact]
Before applying policies, adsys checks for the existence of an Ubuntu Pro subscription. If not found, all keys with the exception of dconf keys are filtered, as they require Ubuntu Pro.

Annotate the generated ADMX/ADML files with this information.

[Test Plan]
* Open the Group Policy Management Editor
* Navigate to User Configuration > Administrative Templates > Ubuntu > Session Management > User Scripts > Logoff scripts
* The description should contain the following line: An Ubuntu Pro subscription on the client is required to apply this policy.

[Where problems could occur]
This is a purely visual change that only impacts generated XML files.

[Other Info]
This issue was initially reported on GitHub at https://github.com/ubuntu/adsys/issues/377

** Affects: adsys (Ubuntu)
     Importance: Undecided
         Status: New

--
https://bugs.launchpad.net/bugs/1982348

Title: Describe if a key requires an Ubuntu Pro subscription

Status in adsys package in Ubuntu: New
[Desktop-packages] [Bug 1982347] [NEW] Username is case sensitive when applying policies on login
Public bug reported:

[Impact]
When logging in (either via login or ssh) to an AD account using different case combinations, adsysd uses the specified account name instead of the lowercase one reported by getent/whoami to apply the GPOs.

I believe this comes from the pam_get_item call here: https://github.com/ubuntu/adsys/blob/e3316e5e37970a07f09fa6df553ddac096c91255/pam/pam_adsys.c#L266

This works but has the unintended side effect of producing multiple dconf profile files for each variant of the username, and caching policies as well:

root@ubuntu2204:~# ls /etc/dconf/profile/ | grep -i administrator
administra...@warthogs.biz
administra...@warthogs.biz
administra...@warthogs.biz
root@ubuntu2204:~# ls /var/cache/adsys/policies/ | grep -i administrator
administra...@warthogs.biz
administra...@warthogs.biz
administra...@warthogs.biz

Of course this all stems from the username retrieved by PAM so there might be more unintended side-effects, the dconf one being the easiest to observe.

To ensure a unified experience, when a target name is normalized from e.g. DOMAIN\User to User@DOMAIN, it will also be lowercased.

[Test Plan]
* Enable a dconf policy on the AD controller
* Log in with an AD account, alternating cases
* Observe multiple files created at /etc/dconf/profile and /var/cache/adsys/policies

[Where problems could occur]
After login succeeds, an AD username is _always_ reported as lowercase by the system, so there are no suspected side-effects of this change.

[Other Info]
This issue was initially reported on GitHub at https://github.com/ubuntu/adsys/issues/378

** Affects: adsys (Ubuntu)
     Importance: Undecided
         Status: New

--
https://bugs.launchpad.net/bugs/1982347

Title: Username is case sensitive when applying policies on login

Status in adsys package in Ubuntu: New
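The normalization described in this report, together with a check that finds the case-variant files it mentions, as an added Go example that is not adsys code. The function names and the directory listing are constructed, and leaving names without a domain part untouched is an assumption of this example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// NormalizeTarget maps DOMAIN\User and User@DOMAIN to lowercase user@domain.
// Names without a domain part are returned unchanged (assumption of this
// example: only directory accounts are treated as case-insensitive).
func NormalizeTarget(name string) string {
	if i := strings.IndexByte(name, '\\'); i >= 0 {
		name = name[i+1:] + "@" + name[:i]
	}
	if !strings.Contains(name, "@") {
		return name
	}
	return strings.ToLower(name)
}

// CaseVariants groups directory entries that normalize to the same account
// and returns only the groups that hold more than one entry, sorted.
func CaseVariants(entries []string) map[string][]string {
	groups := map[string][]string{}
	for _, e := range entries {
		key := NormalizeTarget(e)
		groups[key] = append(groups[key], e)
	}
	for key, members := range groups {
		if len(members) < 2 {
			delete(groups, key)
			continue
		}
		sort.Strings(members)
	}
	return groups
}

func main() {
	// Constructed listing of /etc/dconf/profile after logins that used
	// different capitalisation for the same account.
	listing := []string{
		"Administrator@example.com",
		"administrator@example.com",
		"ADMINISTRATOR@EXAMPLE.COM",
		"gdm",
		"user",
	}
	for account, files := range CaseVariants(listing) {
		fmt.Printf("%s has %d case variants: %q\n", account, len(files), files)
	}
	fmt.Println(NormalizeTarget(`EXAMPLE.COM\Administrator`))
}
```

Run over the real contents of /etc/dconf/profile and /var/cache/adsys/policies, any group it reports is one account stored under several names.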
[Desktop-packages] [Bug 1982345] [NEW] Cannot parse policy entries with no data
Public bug reported:

[Impact]
The Default Domain Policy for Computers has a bunch of SystemCertificates keys with no data which adsys fails to parse. Here are some examples:

Software\Policies\Microsoft\SystemCertificates\ACRS\Certificates
Software\Policies\Microsoft\SystemCertificates\ACRS\CRLs
Software\Policies\Microsoft\SystemCertificates\ACRS\CTLs
Software\Policies\Microsoft\SystemCertificates\CA\Certificates
Software\Policies\Microsoft\SystemCertificates\CA\CRLs
Software\Policies\Microsoft\SystemCertificates\CA\CTLs
Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs
Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs
Software\Policies\Microsoft\SystemCertificates\DPNGRA\Certificates

When examined with a hex editor, these look like the following:

: 5052 6567 0100 5b00 5300 6f00 6600 PReg[.S.o.f.
0010: 7400 7700 6100 7200 6500 5c00 5000 6f00 t.w.a.r.e.\.P.o.
0020: 6c00 6900 6300 6900 6500 7300 5c00 4d00 l.i.c.i.e.s.\.M.
0030: 6900 6300 7200 6f00 7300 6f00 6600 7400 i.c.r.o.s.o.f.t.
0040: 5c00 5300 7900 7300 7400 6500 6d00 4300 \.S.y.s.t.e.m.C.
0050: 6500 7200 7400 6900 6600 6900 6300 6100 e.r.t.i.f.i.c.a.
0060: 7400 6500 7300 5c00 4100 4300 5200 5300 t.e.s.\.A.C.R.S.
0070: 5c00 4300 6500 7200 7400 6900 6600 6900 \.C.e.r.t.i.f.i.
0080: 6300 6100 7400 6500 7300 3b00 c.a.t.e.s...;...
0090: 3b00 3b00 3b00 5d00 ;.;.;.].

The last field of the [key;value;type;size;data] stanza is entirely empty (semicolon succeeded immediately by a closing brace) whereas we expect a null character.

This is a common occurrence on Microsoft's policies like the Default Domain Policy. Even if Ubuntu does not have policy entries with no data, we must still be able to parse all of them in case a Group Policy has both Ubuntu and non-Ubuntu entries.

[Test Plan]
* Attempt to apply the Default Domain Policy for Computers on a client

[Where problems could occur]
Adsys already excluded non-Ubuntu keys before applying policies, so this change has no impact other than letting all policies be parsed. If an error occurs in parsing an Ubuntu entry, it will be surfaced before policies are applied instead of at parsing time.

[Other Info]
This issue was initially reported on GitHub at https://github.com/ubuntu/adsys/issues/384

** Affects: adsys (Ubuntu)
     Importance: Undecided
         Status: New

--
https://bugs.launchpad.net/bugs/1982345

Title: Cannot parse policy entries with no data

Status in adsys package in Ubuntu: New
[Desktop-packages] [Bug 1982342] [NEW] Cannot parse policies with empty values
Public bug reported:

[Impact]
In addition to empty data, some Microsoft policy entries happen to have empty values as well. See the following entry:

// [key;value;type;size;data]
: 5052 6567 0100 5b00 5300 6f00 6600 PReg[.S.o.f.
0010: 7400 7700 6100 7200 6500 5c00 5000 6f00 t.w.a.r.e.\.P.o.
0020: 6c00 6900 6300 6900 6500 7300 5c00 4d00 l.i.c.i.e.s.\.M.
0030: 6900 6300 7200 6f00 7300 6f00 6600 7400 i.c.r.o.s.o.f.t.
0040: 5c00 5300 7900 7300 7400 6500 6d00 4300 \.S.y.s.t.e.m.C.
0050: 6500 7200 7400 6900 6600 6900 6300 6100 e.r.t.i.f.i.c.a.
0060: 7400 6500 7300 5c00 4100 4300 5200 5300 t.e.s.\.A.C.R.S.
0070: 5c00 4300 6500 7200 7400 6900 6600 6900 \.C.e.r.t.i.f.i.
0080: 6300 6100 7400 6500 7300 3b00 c.a.t.e.s...;...
0090: 3b00 3b00 3b00 5d00 ;.;.;.].

This fails hard when parsing, returning an `empty value` error, rendering the remaining policies unparsable.

This is a common occurrence on Microsoft's policies like the Default Domain Policy. Even if Ubuntu does not support policy entries with empty values, we must still be able to parse them in case a Group Policy has both Ubuntu and non-Ubuntu entries.

[Test Plan]
* Attempt to apply the Default Domain Policy on a client

[Where problems could occur]
Adsys already excluded non-Ubuntu keys before applying policies, so this change has no impact other than letting all policies be parsed. If an error occurs in parsing an Ubuntu entry, it will be surfaced before policies are applied instead of at parsing time.

[Other Info]
This issue was initially reported on GitHub at https://github.com/ubuntu/adsys/issues/386

** Affects: adsys (Ubuntu)
     Importance: Undecided
         Status: New

--
https://bugs.launchpad.net/bugs/1982342

Title: Cannot parse policies with empty values

Status in adsys package in Ubuntu: New
[Desktop-packages] [Bug 1982343] [NEW] Cannot parse policy entries with unsupported types
Public bug reported:

[Impact]
Policies with unsupported types are currently unable to be parsed. Even if Ubuntu doesn't support these types we should still be able to parse the Microsoft ones - otherwise we are unable to apply any of the GPOs.

This is a common occurrence on Microsoft's policies like the Default Domain Policy. Even if Ubuntu supports a limited subset of types, we must still be able to parse all of them in case a Group Policy has both Ubuntu and non-Ubuntu entries.

[Test Plan]
* Attempt to apply the Default Domain Policy on a client

[Where problems could occur]
Adsys already excluded non-Ubuntu keys before applying policies, so this change has no impact other than letting all policies be parsed. If an error occurs in parsing an Ubuntu entry, it will be surfaced before policies are applied instead of at parsing time.

[Other Info]
This issue was initially reported on GitHub at https://github.com/ubuntu/adsys/issues/387

** Affects: adsys (Ubuntu)
     Importance: Undecided
         Status: New

--
https://bugs.launchpad.net/bugs/1982343

Title: Cannot parse policy entries with unsupported types

Status in adsys package in Ubuntu: New
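The three parsing reports above (entries with no data, with empty values, and with unsupported types) share one requirement: walk every [key;value;type;size;data] stanza by its declared lengths and leave interpretation for later. The Go parser below is an added example, not adsys code; it assumes the version 1 PReg header, bounds-checks the size field against the file, and keeps type and data raw. The Software\Policies\Ubuntu\example key, the mode value and all sample bytes are constructed.

```go
package main

import (
	"fmt"
	"unicode/utf16"
)

type Entry struct { // one [key;value;type;size;data] stanza of Registry.pol
	Key, Value string
	Type       uint32
	Data       []byte // kept raw, so an unsupported type still parses
}

type reader struct {
	b   []byte
	pos int
	err error // first error; every later read is a no-op
}

// take returns the next n bytes and rejects sizes that overrun the file.
func (r *reader) take(n int) []byte {
	if r.err == nil && (n < 0 || n > len(r.b)-r.pos) {
		r.err = fmt.Errorf("offset %d: %d bytes wanted, file too short", r.pos, n)
	}
	if r.err != nil {
		return nil
	}
	r.pos += n
	return r.b[r.pos-n : r.pos]
}

func (r *reader) le(n int) (v uint32) { // n-byte little-endian integer
	for i, c := range r.take(n) {
		v |= uint32(c) << (8 * uint(i))
	}
	return v
}

func (r *reader) delim(c uint32) { // one UTF-16LE delimiter character
	if v := r.le(2); r.err == nil && v != c {
		r.err = fmt.Errorf("offset %d: want %q, got %#04x", r.pos-2, rune(c), v)
	}
}

// str reads a NUL-terminated UTF-16LE string and the ';' after it. A field
// left entirely empty (';' at once, no terminator) is returned as "".
func (r *reader) str() string {
	var units []uint16
	for v := r.le(2); v != 0; v = r.le(2) {
		if v == ';' && len(units) == 0 {
			return ""
		}
		units = append(units, uint16(v))
	}
	r.delim(';')
	return string(utf16.Decode(units))
}

// ParsePol parses a Registry.pol image and fails closed on malformed input.
func ParsePol(b []byte) (entries []Entry, err error) {
	if len(b) < 8 || string(b[:8]) != "PReg\x01\x00\x00\x00" {
		return nil, fmt.Errorf("not a version 1 Registry.pol file")
	}
	r := &reader{b: b, pos: 8}
	for r.pos < len(b) && r.err == nil {
		r.delim('[')
		e := Entry{Key: r.str(), Value: r.str(), Type: r.le(4)} // file order
		r.delim(';')
		size := r.le(4)
		r.delim(';')
		e.Data = r.take(int(size)) // size 0: no data bytes follow at all
		r.delim(']')
		entries = append(entries, e)
	}
	if r.err != nil {
		return nil, r.err
	}
	return entries, nil
}

func w(s string) (b []byte) { // ASCII text as UTF-16LE
	for _, c := range []byte(s) {
		b = append(b, c, 0)
	}
	return b
}

// Sample is constructed: the empty-value, empty-data shape from the reports,
// then a hypothetical Ubuntu entry of type 1 (REG_SZ) holding "idle".
func Sample() []byte {
	ms := w("[Software\\Policies\\Microsoft\\SystemCertificates\\ACRS\\Certificates\x00;;")
	b := append(append([]byte("PReg\x01\x00\x00\x00"), ms...), 0, 0, 0, 0, ';', 0, 0, 0, 0, 0, ';', 0, ']', 0)
	b = append(append(b, w("[Software\\Policies\\Ubuntu\\example\x00;mode\x00;")...), 1, 0, 0, 0, ';', 0, 10, 0, 0, 0)
	return append(b, w(";idle\x00]")...)
}

func main() {
	fmt.Println(ParsePol(Sample()))
}
```

Decoding Data according to Type belongs in the step that filters for supported keys, so an entry this code cannot interpret is rejected there instead of aborting the whole file.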
[Desktop-packages] [Bug 1982330] Re: Cannot apply policies from uppercase class path like "MACHINE"
** Description changed: [Impact] ADSys cannot update GPOs on Jammy Jellyfish 22.04 because of misnamed folders. adsysctl expects the folders to be title cased (e.g. Machine), but they are uppercase (e.g. MACHINE). This prevents any GPOs from being applied. This is a common occurence with GPOs created by Microsoft, like the Default Domain Policy. [Test Plan] - * Mark the Default Domain Policy as active for the client. + Reproduction: + * Mark the Default Domain Policy as active for the client, and set some Ubuntu policy entries. * Restart and/or manually sync the client machine. * Observe the log message indicating that parsing the GPO failed: Policy "Default Domain Policy" doesn't have any policy for class "user" open /var/cache/adsys/sysvol/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/User/Registry.pol: no such file or directory + + * Observe that the Ubuntu policies were not applied. + + To confirm the bug is fixed, repeat the steps above after applying the + fix, and the policies should be applied. [Where problems could occur] * Fixing this bug will allow adsys to parse, and possibly fail when applying policies from an uppercase path, whereas before it silently ignored them. Fixes for these potential bugs have also been submitted. [Other Info] The issue was initially reported on GitHub: https://github.com/ubuntu/adsys/issues/346

--
https://bugs.launchpad.net/bugs/1982330

Title: Cannot apply policies from uppercase class path like "MACHINE"

Status in adsys package in Ubuntu: New

Bug description:

[Impact]
ADSys cannot update GPOs on Jammy Jellyfish 22.04 because of misnamed folders. adsysctl expects the folders to be title cased (e.g. Machine), but they are uppercase (e.g. MACHINE). This prevents any GPOs from being applied.

This is a common occurrence with GPOs created by Microsoft, like the Default Domain Policy.

[Test Plan]
Reproduction:
* Mark the Default Domain Policy as active for the client, and set some Ubuntu policy entries.
* Restart and/or manually sync the client machine.
* Observe the log message indicating that parsing the GPO failed:
  Policy "Default Domain Policy" doesn't have any policy for class "user" open /var/cache/adsys/sysvol/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/User/Registry.pol: no such file or directory
* Observe that the Ubuntu policies were not applied.

To confirm the bug is fixed, repeat the steps above after applying the fix, and the policies should be applied.

[Where problems could occur]
* Fixing this bug will allow adsys to parse, and possibly fail when applying policies from an uppercase path, whereas before it silently ignored them. Fixes for these potential bugs have also been submitted.

[Other Info]
The issue was initially reported on GitHub: https://github.com/ubuntu/adsys/issues/346
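Review bot: the added reproduction step says to "set some Ubuntu policy entries" without naming the class, while the expected log line is about class "user" and User/Registry.pol and the bug title is about "MACHINE"; state which class the entries go in (or ask for both) so the tester knows which path is exercised. The added confirmation sentence should also say how to observe that the policies were applied, not only that they "should be applied".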
[Desktop-packages] [Bug 1982330] [NEW] Cannot apply policies from uppercase class path like "MACHINE"
Public bug reported:

[Impact]
ADSys cannot update GPOs on Jammy Jellyfish 22.04 because of misnamed folders. adsysctl expects the folders to be title cased (e.g. Machine), but they are uppercase (e.g. MACHINE). This prevents any GPOs from being applied.

This is a common occurrence with GPOs created by Microsoft, like the Default Domain Policy.

[Test Plan]
* Mark the Default Domain Policy as active for the client.
* Restart and/or manually sync the client machine.
* Observe the log message indicating that parsing the GPO failed:

Policy "Default Domain Policy" doesn't have any policy for class "user" open /var/cache/adsys/sysvol/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/User/Registry.pol: no such file or directory

[Where problems could occur]
* Fixing this bug will allow adsys to parse, and possibly fail when applying policies from an uppercase path, whereas before it silently ignored them. Fixes for these potential bugs have also been submitted.

[Other Info]
The issue was initially reported on GitHub: https://github.com/ubuntu/adsys/issues/346

** Affects: adsys (Ubuntu)
     Importance: Undecided
         Status: New

--
You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/1982330

Title:
  Cannot apply policies from uppercase class path like "MACHINE"

Status in adsys package in Ubuntu:
  New
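
Added example, not part of the bug report and not adsys's own code: one way to locate Registry.pol when the class folder may be "Machine" or "MACHINE", refusing to pick one when both exist so that a policy is never skipped or mixed up silently. The helper name registryPolPath, the ErrAmbiguousClass error and the temporary directory layout are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrAmbiguousClass: two directories differ only by case (e.g. "Machine" and
// "MACHINE"). Choosing one silently could apply the wrong settings, so refuse.
var ErrAmbiguousClass = errors.New("ambiguous class directory")

// registryPolPath (hypothetical helper) returns the Registry.pol path for a
// class ("Machine" or "User"), matching the class directory ignoring case.
func registryPolPath(gpoDir, class string) (string, error) {
	entries, err := os.ReadDir(gpoDir)
	if err != nil {
		return "", err
	}
	match := ""
	for _, e := range entries {
		if !e.IsDir() || !strings.EqualFold(e.Name(), class) {
			continue
		}
		if match != "" {
			return "", fmt.Errorf("%w: %q and %q", ErrAmbiguousClass, match, e.Name())
		}
		match = e.Name()
	}
	if match == "" {
		return "", fmt.Errorf("no directory for class %q: %w", class, os.ErrNotExist)
	}
	pol := filepath.Join(gpoDir, match, "Registry.pol")
	if _, err := os.Stat(pol); err != nil {
		return "", err
	}
	return pol, nil
}

func main() {
	// Constructed layout: a GPO cache holding only an uppercase MACHINE folder.
	gpo, _ := os.MkdirTemp("", "gpo")
	defer os.RemoveAll(gpo)
	os.MkdirAll(filepath.Join(gpo, "MACHINE"), 0o700)
	os.WriteFile(filepath.Join(gpo, "MACHINE", "Registry.pol"), nil, 0o600)
	fmt.Println(registryPolPath(gpo, "Machine"))
	fmt.Println(registryPolPath(gpo, "User"))
}
```

A caller that logs the returned error rather than treating a missing class as "no policy" makes the unapplied-GPO case visible in monitoring.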