Hi,

what version of SSSD are we talking about and what OS?

Are you sure that the GPOs are linked to the OU or inherited from parent OU (this can be checked in the Group Policy Management window on AD, by clicking on the OU in the tree view and then selecting 'Group Policy Inheritance')?

Please send the whole domain logs and GPO child logs (both located in /var/log/sssd/) - sanitize the logs if you have confidential info there.

Michal

On 06/06/2017 11:01 AM, François MUTSHE wrote:
Hi, I've been searching on many forums to solve my issue but no luck. The GPOs "Allow log on 
through Remote Desktop Services" and "Deny log on through Remote Desktop Services" 
are working well on Windows clients but not on Linux.
I created a test OU where I moved my test computer in, allowed a specific user 
to log on through Remote Desktop Services, results: anybody can log in via ssh 
on my test computer.
In sssd logs we can see that it's not applying GPOs to the computer:

[ad_gpo_process_gpo_done] (0x0400): no applicable gpos found after dacl filtering
(Fri Jun  2 15:52:06 2017) [sssd[be[domain.tld]]] [sysdb_gpo_get_gpo_result_object] (0x4000): cn=gpos,cn=ad,cn=custom,cn=domain.tld,cn=sysdb
(Fri Jun  2 15:52:06 2017) [sssd[be[domain.tld]]] [sysdb_gpo_get_gpo_result_object] (0x4000): No GPO Result object.
(Fri Jun  2 15:52:06 2017) [sssd[be[domain.tld]]] [ad_gpo_access_done] (0x0400): GPO-based access control successful.
(Fri Jun  2 15:52:06 2017) [sssd[be[domain.tld]]] [ad_gpo_access_send] (0x0400): service systemd-user maps to Permitted
(Fri Jun  2 15:52:06 2017) [sssd[be[domain.tld]]] [ad_gpo_access_done] (0x0400): GPO-based access control successful.


What am I missing here? All GPOs have authenticated user default rights on them.

I attached my sssd.conf here >

Any help would be much appreciated

Regards, Mush.
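
The log sequence quoted above, turned into a check that can be run over a domain log from /var/log/sssd/. This is an added example, not part of the thread or of SSSD: it flags every "GPO-based access control successful" that follows "no applicable gpos found after dacl filtering" within the same request. The sample log is constructed in the shape of the poster's excerpt, and the function names are hypothetical.

```python
import re

# Constructed sample in the shape of the domain log quoted in the thread;
# the second entry is wrapped the way the mail client wrapped the original.
SAMPLE_LOG = """\
(Fri Jun  2 15:52:06 2017) [sssd[be[domain.tld]]] [ad_gpo_access_send] (0x0400): service sshd maps to Remote Interactive
(Fri Jun  2 15:52:06 2017) [sssd[be[domain.tld]]] [ad_gpo_process_gpo_done]
(0x0400): no applicable gpos found after dacl
filtering
(Fri Jun  2 15:52:06 2017) [sssd[be[domain.tld]]] [ad_gpo_access_done] (0x0400): GPO-based access control successful.
(Fri Jun  2 15:53:10 2017) [sssd[be[domain.tld]]] [ad_gpo_access_send] (0x0400): service systemd-user maps to Permitted
(Fri Jun  2 15:53:10 2017) [sssd[be[domain.tld]]] [ad_gpo_access_done] (0x0400): GPO-based access control successful.
"""

START = re.compile(r"^\(\w{3} \w{3}\s+\d+ [\d:]+ \d{4}\) ")
ENTRY = re.compile(r"^\((?P<ts>[^)]+)\) \[sssd\[be\[(?P<domain>[^\]]+)\]\]\] "
                   r"\[(?P<func>\w+)\] \((?P<level>0x[0-9a-f]+)\): (?P<msg>.*)$")

def unwrap(text):
    """Re-join wrapped lines; only a '(timestamp) ' prefix starts an entry,
    so a continuation such as '(0x0400): ...' is not mistaken for one."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def find_unfiltered_grants(text):
    """Return access grants that followed 'no applicable gpos found'."""
    findings, service, no_gpos = [], {}, {}
    for raw in unwrap(text):
        m = ENTRY.match(raw)
        if not m:
            continue  # e.g. an excerpt whose first line lost its prefix
        dom, func, msg = m["domain"], m["func"], m["msg"]
        if func == "ad_gpo_access_send" and msg.startswith("service "):
            service[dom] = msg.split()[1]  # new request: reset state
            no_gpos[dom] = False
        elif func == "ad_gpo_process_gpo_done" and "no applicable gpos" in msg:
            no_gpos[dom] = True
        elif func == "ad_gpo_access_done" and "successful" in msg and no_gpos.get(dom):
            findings.append({"time": m["ts"], "domain": dom,
                             "service": service.get(dom, "unknown")})
            no_gpos[dom] = False
    return findings
```

Calling `find_unfiltered_grants()` on the text of a sanitized domain log returns one record per grant that was made with no GPO applied, which gives a concrete list to compare against the OU's 'Group Policy Inheritance' view.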

