On Fri, Jan 13, 2017 at 04:23:52PM +0000, Mote, Todd wrote:
> Do you all know of any other modules or code that might parse other Group 
> Policies downloaded by SSSD?  I'm taking a look at the registry.pol file that 
> is available in a firewall GPO in the 'Machine' folder of the policy.  It 
> appears to be UTF-8 encoded text and likely parseable for direction, ports, 
> sources, and destinations that could be translated into an iptables entry.  
> When SSSD gets group policies for the machine, it only gets policies with 
> "Security Settings" client side extensions, i.e. just policies that have user 
> rights assignments configured, and doesn't appear to download this file with 
> the policy when both firewall policy and user rights assignments are present 
> in the same policy.  Do you know of anyone doing anything like this or can 
> SSSD be made to download this file when it downloads policy for the machine?  
> Trying to not have to reinvent the whole wheel if I don't have to...  Just 
> having the file download with all the rest would help a ton.
> 

Currently SSSD only uses the GPOs for access control, hence the
restriction to "Security Settings". We have some idea what other GPOs
might be useful and have some plans to read more policy files in the future.
But for the time being it is not possible to download more policy files
by just changing the configuration.

You might want to take a look at Samba's 'net ads gpo' utility to see if
it works for you.

bye,
Sumit

> Todd
> 
> Todd Mote, MCP, MCSA+Messaging, MCSE | 
> mo...@austin.utexas.edu
> Enterprise Systems Management | Information Technology Services | The 
> University of Texas at Austin
> 

> _______________________________________________
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org