I have validated the new adsys in Jammy using the following steps:
1. Join Jammy client to AD test domain where GPOs are configured
2. Install adsys from proposed
3. Apply user and machine policies (assert non-Pro policy managers)
4. Attach Jammy client to Ubuntu Pro
5. Re-apply user and machine policies (assert Pro-only policy managers)
Below are the steps used:
Joined domain using the following command:
# realm join warthogs.biz -U localadmin -v --unattended <<<$AD_PASSWORD
...
* Successfully enrolled machine in realm
Installed adsys using:
# apt install adsys/jammy-proposed --install-suggests
# apt-cache policy adsys
adsys:
Installed: 0.14.1~22.04
Candidate: 0.14.1~22.04
Version table:
*** 0.14.1~22.04 400
400 http://archive.ubuntu.com/ubuntu jammy-proposed/main amd64 Packages
100 /var/lib/dpkg/status
0.9.2~22.04.2 500
500 http://azure.archive.ubuntu.com/ubuntu jammy-updates/main amd64
Packages
0.9.2~22.04.1 500
500 http://azure.archive.ubuntu.com/ubuntu jammy-security/main amd64
Packages
0.8.4 500
500 http://azure.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
Applied non-Pro policies:
# adsysctl update -m -v
INFO Downloading "e2e-jammy-fccb9151-computers-gpo"
INFO Downloading "assets"
INFO Applying policies for jammy-fccb9151 (machine: true)
WARNING Rules from the following policy types will be filtered out as the
machine is not enrolled to Ubuntu Pro: privilege, scripts, mount, apparmor,
proxy, certificate
jammy-fccb9151-usr$ adsysctl update -v
INFO GPO "e2e-jammy-fccb9151-users-gpo" is already up to date
INFO Assets directory is already up to date
INFO Applying policies for [email protected] (machine: false)
WARNING Rules from the following policy types will be filtered out as the
machine is not enrolled to Ubuntu Pro: scripts, mount
Confirmed non-Pro policies have been applied (dconf/gdm):
# DCONF_PROFILE=gdm dconf read /org/gnome/login-screen/banner-message-text
'Sample banner text'
jammy-fccb9151-usr$ dconf read /org/gnome/shell/favorite-apps
['rhythmbox.desktop']
Confirmed Pro-only policies (e.g. certificate, mount) are not applied:
# getcert list
Number of certificates and requests being tracked: 0.
jammy-fccb9151-usr$ gio mount -l | grep warthogs.biz
Attached machine to Pro and re-applied user and machine policies:
# pro attach $UBUNTU_PRO_TOKEN --no-auto-enable
This machine is now attached to 'Ubuntu Pro - free personal subscription'
# adsysctl update -m -v
INFO GPO "e2e-jammy-fccb9151-computers-gpo" is already up to date
INFO Assets directory is already up to date
INFO Applying policies for jammy-fccb9151 (machine: true)
INFO Running machine startup scripts
INFO Certificate autoenrollment script ran successfully
jammy-fccb9151-usr$ adsysctl update -v
INFO GPO "e2e-jammy-fccb9151-users-gpo" is already up to date
INFO Assets directory is already up to date
INFO Applying policies for [email protected] (machine: false)
Confirmed Pro-only policies have now been applied:
# getcert list
root@jammy-fccb9151:~# getcert list
Number of certificates and requests being tracked: 1.
Request ID 'warthogs-CA.Machine':
status: MONITORING
stuck: no
key pair storage:
type=FILE,location='/var/lib/adsys/private/certs/warthogs-CA.Machine.key'
certificate:
type=FILE,location='/var/lib/adsys/certs/warthogs-CA.Machine.crt'
CA: warthogs-CA
issuer: CN=warthogs-CA,DC=warthogs,DC=biz
subject: CN=jammy-fccb9151
...
jammy-fccb9151-usr$ gio mount -l | grep warthogs.biz
Mount(0): user-mount-smb on warthogs.biz -> smb://warthogs.biz/user-mount-smb/
Mount(1): user-mount-nfs on warthogs.biz -> nfs://warthogs.biz/user-mount-nfs
** Tags removed: verification-needed verification-needed-jammy
** Tags added: verification-done verification-done-jammy
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2059756
Title:
[SRU] adsys 0.14.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
