Dennis Binkhorst
2023-Mar-10 15:35 UTC
[Samba] Missing features in RSAT Group Policy Manager (Debian as Samba PDC)
I have been testing a Debian 11 (i386) server with samba 2:4.13.13+dfsg-1~deb11u5 running as an Active Directory Controller. This is a stand-alone DC, meant for user authentication for a small business network. I use RSAT Features on Windows 11 Pro to manage Users, Groups, Machines etc., which works fine. I would like create a new GPO using the RSAT Group Policy Manager to change Security Settings for all machines that are in a specific OU. However, when I try to edit the new GPO I am unable to find *Account Policies* and *Local Policies *under *"Computer Configuration / Policies / Windows Settings / Security Settings*". This is also the case when using RSAT from a Windows 10 Pro machine. These Policies do exist on the Windows 11 Pro machine itself when I open *gpedit.msc*. Not sure if this is relevant, but I did download and install the the 22H2 ADMX Templates for Windows 11 to the Samba AD. They exists in the SYSVOL directory. An example of a policy I'd like to set in the GPO is *"Interactive logon: Message text for users attempting to log on"*. P.S.: A suggestion made elsewhere was to upgrade samba to the bullseye-backports version, so i did that. Upgrading to *2:4.17.5+dfsg-1~bpo11+1 *did not change anything for my issue.
David Mulder
2023-Mar-10 15:46 UTC
[Samba] Missing features in RSAT Group Policy Manager (Debian as Samba PDC)
On 3/10/23 8:35 AM, Dennis Binkhorst via samba wrote:> I have been testing a Debian 11 (i386) server with samba > 2:4.13.13+dfsg-1~deb11u5 running as an Active Directory Controller. This is > a stand-alone DC, meant for user authentication for a small business > network. I use RSAT Features on Windows 11 Pro to manage Users, Groups, > Machines etc., which works fine. > > I would like create a new GPO using the RSAT Group Policy Manager to change > Security Settings for all machines that are in a specific OU. However, when > I try to edit the new GPO I am unable to find *Account Policies* and *Local > Policies *under *"Computer Configuration / Policies / Windows Settings / > Security Settings*". This is also the case when using RSAT from a Windows > 10 Pro machine. > > These Policies do exist on the Windows 11 Pro machine itself when I open > *gpedit.msc*. > > Not sure if this is relevant, but I did download and install the the 22H2 > ADMX Templates for Windows 11 to the Samba AD. They exists in the SYSVOL > directory. > > An example of a policy I'd like to set in the GPO is *"Interactive logon: > Message text for users attempting to log on"*. > P.S.: A suggestion made elsewhere was to upgrade samba to the > bullseye-backports version, so i did that. > Upgrading to *2:4.17.5+dfsg-1~bpo11+1 *did not change anything for my issue.Which RSAT are you referring to? There's the yast-based one I created, and there is one Alt Linux is working on, IIRC. -- David Mulder Labs Software Engineer, Samba SUSE 1221 S Valley Grove Way, Suite 500 Pleasant Grove, UT 84062 (P)+1 385.208.2989 dmulder at suse.com http://www.suse.com
David Mulder
2023-Mar-10 15:54 UTC
[Samba] Missing features in RSAT Group Policy Manager (Debian as Samba PDC)
On 3/10/23 8:35 AM, Dennis Binkhorst via samba wrote:> I have been testing a Debian 11 (i386) server with samba > 2:4.13.13+dfsg-1~deb11u5 running as an Active Directory Controller. This is > a stand-alone DC, meant for user authentication for a small business > network. I use RSAT Features on Windows 11 Pro to manage Users, Groups, > Machines etc., which works fine. > > I would like create a new GPO using the RSAT Group Policy Manager to change > Security Settings for all machines that are in a specific OU. However, when > I try to edit the new GPO I am unable to find *Account Policies* and *Local > Policies *under *"Computer Configuration / Policies / Windows Settings / > Security Settings*". This is also the case when using RSAT from a Windows > 10 Pro machine. > > These Policies do exist on the Windows 11 Pro machine itself when I open > *gpedit.msc*. > > Not sure if this is relevant, but I did download and install the the 22H2 > ADMX Templates for Windows 11 to the Samba AD. They exists in the SYSVOL > directory. > > An example of a policy I'd like to set in the GPO is *"Interactive logon: > Message text for users attempting to log on"*. > P.S.: A suggestion made elsewhere was to upgrade samba to the > bullseye-backports version, so i did that. > Upgrading to *2:4.17.5+dfsg-1~bpo11+1 *did not change anything for my issue.I'm re-reading... do you mean you don't see those policies when using *MS* RSAT against a Samba ADDC, but you do against a Windows ADDC? -- David Mulder Labs Software Engineer, Samba SUSE 1221 S Valley Grove Way, Suite 500 Pleasant Grove, UT 84062 (P)+1 385.208.2989 dmulder at suse.com http://www.suse.com