Am Thu, Jun 23, 2022 at 04:49:34PM +0200 schrieb Alexey Tikhonov: > On Thu, Jun 23, 2022 at 3:19 PM Fisher, Philip <phil.fis...@dxc.com> wrote: > > > Hello SSSD people > > > > Is there a way to run (on RHEL 8 specifically) a command or query > > information so that a logged in (authorised) user can see the GPOs that are > > active for the session? I have tried Mr. Goggle without success. > > > > I don't think there is a suitable command that SSSD provides. > Maybe Samba suit does? I don't know.
Hi, yes, currently SSSD does not provide such a tool. And currently SSSD might not even read the GPOs you are looking for because SSSD currently only read GPOs for its own usage for access control. You have asked for 'a logged in (authorised) user can see the GPOs that are active for the session' which sounds like you are looking for desktop policies. For this SSSD supports fleet commander, see e.g. https://sssd.io/design-pages/fleet_commander_integration.html. bye, Sumit > > SSSD caches downloaded GPOs in `/var/lib/sss/gpo_cache/`, but those aren't > intended for general human consumption. > > > > > > This information I realise may be obtained from the actual AD server but > > in general this access is not available hence this query. > > > > Thanks. > > > > -- > > Phil J Fisher > > > > > > DXC Technology Company -- This message is transmitted to you by or on > > behalf of DXC Technology Company or one of its affiliates. It is intended > > exclusively for the addressee. The substance of this message, along with > > any attachments, may contain proprietary, confidential or privileged > > information or information that is otherwise legally exempt from > > disclosure. Any unauthorized review, use, disclosure or distribution is > > prohibited. If you are not the intended recipient of this message, you are > > not authorized to read, print, retain, copy or disseminate any part of this > > message. If you have received this message in error, please destroy and > > delete all copies and notify the sender by return e-mail. Regardless of > > content, this e-mail shall not operate to bind DXC Technology Company or > > any of its affiliates to any order or other contract unless pursuant to > > explicit written agreement or government initiative expressly permitting > > the use of e-mail for such purpose. > > _______________________________________________ > > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > > Fedora Code of Conduct: > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org > > Do not reply to spam on the list, report it: > > https://pagure.io/fedora-infrastructure > > > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure