On Mon, Dec 15, 2014 at 03:22:18AM +0100, Jakub Hrozek wrote: > On Thu, Dec 11, 2014 at 10:37:07PM -0500, Dan Lavu wrote: > > Downstream ticket - https://bugzilla.redhat.com/show_bug.cgi?id=1169459 > > > > Just a note ensuring that there is no confusion in which policy to edit. I > > did not think that Remote Desktop translated to SSH =D > > > > > > > > > > diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml > > index 4e29d4f..9542a21 100644 > > --- a/src/man/sssd-ad.5.xml > > +++ b/src/man/sssd-ad.5.xml > > @@ -340,6 +340,11 @@ > > FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com) > > which GPO-based access control is evaluated > > based on > > the InteractiveLogonRight and > > DenyInteractiveLogonRight policy settings. > > + > > + Note: Using the Group Policy Management Editor > > this > > + value InteractiveLogonRight is called "Allow > > log on > > + locally" and "Deny log on locally". > > + > > </para> > > <para> > > It is possible to add another PAM service name > > @@ -405,6 +410,11 @@ > > FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com) > > which GPO-based access control is evaluated > > based on > > the RemoteInteractiveLogonRight and > > DenyRemoteInteractiveLogonRight policy > > settings. > > + > > + Note: Using the Group Policy Management Editor > > this > > + value is called "Allow log on through Remote > > Desktop > > + Services" and "Deny log on through Remote > > Desktop > > + Services". > > </para> > > <para> > > It is possible to add another PAM service name > > Thanks, I tool the liberty of re-sending the patch in git-am format. I > hope that other sssd developers would be able to push the patch soon now > :)
Thank you, ACK. I'll just fix the indentation and a white-space issue which were not in the original version. I will commit the attached patch. bye, Sumit
From a33f9816261eb8ae4bae9a9704d319e11f81387b Mon Sep 17 00:00:00 2001 From: Dan Lavu <side_cont...@runlevelone.net> Date: Mon, 15 Dec 2014 03:20:40 +0100 Subject: [PATCH] MAN: Clarify ad_gpo_map* options Resolves: https://fedorahosted.org/sssd/ticket/2515 --- src/man/sssd-ad.5.xml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml index 4e29d4f75cae5bf17e4bb85fa46c921b25ee8047..b721fb73b20837c9dc3abac25d3300649115c607 100644 --- a/src/man/sssd-ad.5.xml +++ b/src/man/sssd-ad.5.xml @@ -342,6 +342,11 @@ FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com) DenyInteractiveLogonRight policy settings. </para> <para> + Note: Using the Group Policy Management Editor this + value InteractiveLogonRight is called "Allow log on + locally" and "Deny log on locally". + </para> + <para> It is possible to add another PAM service name to the default set by using <quote>+service_name</quote> or to explicitly remove a PAM service name from @@ -407,6 +412,12 @@ FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com) DenyRemoteInteractiveLogonRight policy settings. </para> <para> + Note: Using the Group Policy Management Editor this + value is called "Allow log on through Remote Desktop + Services" and "Deny log on through Remote Desktop + Services". + </para> + <para> It is possible to add another PAM service name to the default set by using <quote>+service_name</quote> or to explicitly remove a PAM service name from -- 2.1.0
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
