Hi Alexey I think samba-tool has a method but only when the server is acting as an AD server (which I believe RH does not support as it happens). But the things I am involved in have RHEL servers as AD “clients” so maybe it will be a case of hacking some form of query on the cache you mention.
Thanks for the response. Phil -- Phil J Fisher UNIX Technology Consultant DXC Technology [email protected]<mailto:[email protected]> DXC.com From: Alexey Tikhonov <[email protected]> Sent: 23 June 2022 15:50 To: End-user discussions about the System Security Services Daemon <[email protected]> Subject: [SSSD-users] Re: SSSD-users: querying GPO list On Thu, Jun 23, 2022 at 3:19 PM Fisher, Philip <[email protected]<mailto:[email protected]>> wrote: Hello SSSD people Is there a way to run (on RHEL 8 specifically) a command or query information so that a logged in (authorised) user can see the GPOs that are active for the session? I have tried Mr. Goggle without success. I don't think there is a suitable command that SSSD provides. Maybe Samba suit does? I don't know. SSSD caches downloaded GPOs in `/var/lib/sss/gpo_cache/`, but those aren't intended for general human consumption. This information I realise may be obtained from the actual AD server but in general this access is not available hence this query. Thanks. -- Phil J Fisher DXC Technology Company -- This message is transmitted to you by or on behalf of DXC Technology Company or one of its affiliates. It is intended exclusively for the addressee. The substance of this message, along with any attachments, may contain proprietary, confidential or privileged information or information that is otherwise legally exempt from disclosure. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient of this message, you are not authorized to read, print, retain, copy or disseminate any part of this message. If you have received this message in error, please destroy and delete all copies and notify the sender by return e-mail. Regardless of content, this e-mail shall not operate to bind DXC Technology Company or any of its affiliates to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. _______________________________________________ sssd-users mailing list -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/<https://clicktime.symantec.com/3C1jyUU2UB8SoWZk4fAjNVU7VN?u=https%3A%2F%2Fdocs.fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines<https://clicktime.symantec.com/35uMvvGa2BDNWwdNGFyw3CZ7VN?u=https%3A%2F%2Ffedoraproject.org%2Fwiki%2FMailing_list_guidelines> List Archives: https://lists.fedorahosted.org/archives/list/[email protected]<https://clicktime.symantec.com/37Nw16nGVG8488jc6t6APB17VN?u=https%3A%2F%2Flists.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedorahosted.org> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure<https://clicktime.symantec.com/3TXgMGV6zP84JkShfAct4ES7VN?u=https%3A%2F%2Fpagure.io%2Ffedora-infrastructure>
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
