Thanks guys for your clarification, I will find other method. ________________________________ From: Tomas Halman <[email protected]> Sent: Tuesday, September 13, 2022 9:19 To: End-user discussions about the System Security Services Daemon <[email protected]> Subject: [SSSD-users]Re: 回复: Re: AD refresh GPO to Ubuntu22.04
In that case Gregory is right, SSSD cares about the access control. I thought that you were looking for this kind of functionality. Sorry for misunderstanding... Tom On Tue, Sep 13, 2022 at 6:11 AM Gregory Carter <[email protected]<mailto:[email protected]>> wrote: I wanted to point out exactly what sssd support is provided with regards to Active Directory. Windows workstation/server management is not one of them and I think it is important people understand that. Most of the questions I get are around Windows configuration questions and due to that confusion people think sssd magically translates windows setting into compatible Linux equivalents. That is not the case. On Mon, Sep 12, 2022 at 5:54 PM 昭翰 任 <[email protected]<mailto:[email protected]>> wrote: Thanks Tomáš & Gregory for your response You are right, sssd has some GPO related settings(e.g. ad_gpo_access_control/ad_gpo_implicit_deny/ad_gpo_cache_timeout/...), however there are for access control, not what I want. What I want is a customized GPO settings that AD could refresh/push to all the client side, for example: I have an AD(winserver2012) and some clients(Win10, Ubuntu22.04), there is an ADMX policy which defines the max DPI that could be used when printing a document, this ADMX policy has been deployed correctly on the AD, what I expect is when I change the max DPI value on the AD, both Win10 and Ubuntu(maybe stored at somewhere on the disk?) could get the latest max DPI I setup on AD. However I found Win10 could get the latest DPI value, but the Linux system doesn't get any update. Does sssd support the scenario I described above? BRs ________________________________ From: Gregory Carter <[email protected]<mailto:[email protected]>> Sent: Monday, September 12, 2022 16:44 To: End-user discussions about the System Security Services Daemon <[email protected]<mailto:[email protected]>> Subject: [SSSD-users] Re: AD refresh GPO to Ubuntu22.04 Excellent, so please share with the list what windows settings I can use GPO on from my Linux box. On Mon, Sep 12, 2022 at 2:44 AM Tomas Halman <[email protected]<mailto:[email protected]>> wrote: There actually is GPO support in SSSD. Looking at the man page (sssd-ad), you have to use "ad" provider and tune few options regarding gpo, particularly ad_gpo_access_control and ad_gpo_implicit_deny. If it is not working for you, can you share the sssd.conf? Eventually you can increase the SSSD debug_level and look into logs if there is something wrong with GPO evaluation. HTH Tomáš On Sat, Sep 10, 2022 at 2:53 AM Gregory Carter <[email protected]<mailto:[email protected]>> wrote: There is no such thing as a GPO for a LINUX box. That being said I use Puppet to do basically the same thing. (i.e. Bring LINUX, MAC, Windows to bear on a common LDAP policy schema I created to enforce machine configurations, authentication and security policies.) On Fri, Sep 9, 2022 at 12:56 AM 任 昭翰 <[email protected]<mailto:[email protected]>> wrote: Hi guys I have a Ubuntu22.04 client which joined to an AD(winserver 2012) server by sssd + realm, in the AD I have a customized GPO, is it possible that the AD refresh/push the GPO to the Ubuntu machine? I also have a win10 client that also joined this AD, the win10 client could receive the GPO update successfully from the AD. _______________________________________________ sssd-users mailing list -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue _______________________________________________ sssd-users mailing list -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue -- Tomáš Halman _______________________________________________ sssd-users mailing list -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue _______________________________________________ sssd-users mailing list -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue _______________________________________________ sssd-users mailing list -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue -- Tomáš Halman
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
