dmulder at samba.org
2022-Sep-06 13:36 UTC
[Samba] Winbind not respecting GPO based access restrictions?
On 9/5/22 12:32 PM, Patrick Goetz via samba <samba at lists.samba.org> wrote:
>
> Any suggestions for what to try? Can someone confirm that this should
> work with Winbind?
>

I'm pretty sure this isn't implemented Patrick. I'll put this on my to-do list.

David Mulder
Rowland Penny
2022-Sep-06 13:54 UTC
[Samba] Winbind not respecting GPO based access restrictions?
On Tue, 2022-09-06 at 07:36 -0600, David Mulder via samba wrote:
> On 9/5/22 12:32 PM, Patrick Goetz via samba <samba at lists.samba.org>
> wrote:
> > Any suggestions for what to try? Can someone confirm that this
> > should
> > work with Winbind?
> >
>
> I'm pretty sure this isn't implemented Patrick. I'll put this on my
> to-do list.
>
> David Mulder

I think this bug may be relevant:

https://bugzilla.samba.org/show_bug.cgi?id=14622

Rowland
Patrick Goetz
2022-Sep-06 13:59 UTC
[Samba] Winbind not respecting GPO based access restrictions?
Thanks, David.

So, a couple of things, given that I know for a fact that Windows admins expect to be able to use security groups to restrict host access:

I reiterate that sssd is consequently absolutely necessary in an enterprise context when using Samba, particularly with Windows DCs, and it would be helpful to have a Wiki page discussing such an integration. I'm no longer working with Samba in this context (domain users >> people who should have access to file server), or I would do it myself.

It would be super useful to have a Wiki page detailing exactly what domain group policy features have been implemented. This would help prevent situations like the one I went through a few months ago where I was blind-sided by not being able to use domain GPOs for access restriction.

On 9/6/22 08:36, David Mulder via samba wrote:
> On 9/5/22 12:32 PM, Patrick Goetz via samba <samba at lists.samba.org> wrote:
>>
>> Any suggestions for what to try? Can someone confirm that this should
>> work with Winbind?
>>
>
> I'm pretty sure this isn't implemented Patrick. I'll put this on my
> to-do list.
>
> David Mulder
>