On 23/01/15 21:31, Lukas Slebodnik wrote:
On (23/01/15 21:24), Rowland Penny wrote:
On 23/01/15 21:10, Koen de Boeve wrote:
the idea is that sssd reads the GPO and then on that basis either denies or
allows access through its pam module
At least, that s how I think it works - or should work - ;)
Rowland Penny <mailto:[email protected]>
23 Jan 2015 22:01
On 23/01/15 20:58, Koen de Boeve wrote:
Thought so, forget it, Linux knows absolutely nothing about GPO's
Rowland
Koen de Boeve <mailto:[email protected]>
23 Jan 2015 21:58
Yes I am Rowland, well it is a separate Policy specifically for linux
machines.
Regards, Koen
Rowland Penny <mailto:[email protected]>
23 Jan 2015 21:37
Can I ask if you are trying to get a linux machine to use a windows GPO ?
Rowland
OK, I'll believe you, now could someone explain how sssd can read a GPO that
is supposed to (as far as I know) alter the registry on a windows machine and
use those settings on a Linux machine that does have anything like a registry
?
Rowland
There is a design document[1] for GPO and pdf attachement in mail[2]
contains "gpo data flow diagram".
All this information can be too technical.
HTH
LS
[1] https://fedorahosted.org/sssd/wiki/DesignDocs/ActiveDirectoryGPOIntegration
[2]
https://lists.fedorahosted.org/pipermail/sssd-devel/2014-September/020758.html
_______________________________________________
sssd-users mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
OK, what about user walking up to unix machine and logging in ? what
about ssh ? wouldn't it be easier to just change the users login shell
to /bin/false ?
Rowland
_______________________________________________
sssd-users mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
