Same thing, policy disappears from GPO Editor
root at nc1:~# ls -l
/var/lib/samba/sysvol/carlson.lab/Policies/PolicyDefinitions/GN*
-rwxrwx---+ 1 3000000 users 7748 Oct 24 16:12
/var/lib/samba/sysvol/carlson.lab/Policies/PolicyDefinitions/GNOMESettings.admx
Is it possibly a conflict in one of the GUIDs?
On 10/24/22 09:03, David Mulder wrote:>
> Maybe try removing the space in the filename. I wonder if GPME has
> issues reading the filename?
>
> On 10/24/22 9:52 AM, Peter Carlson wrote:
>>
>> ok, I have setup a complete lab with ADDC, FileServer, linux cli
>> client, linux gui client, windows client all running on different
>> guests in proxmox.? I compiled 4.17 from source and configured.? I
>> then copied the GNOME admx into /usr/share/samba/admx/GNOME
>> Settings.admx and ran samba-tool gpo admxload -U Administrator? voila
>> GNOME policies appear in GPO editor
>>
>> then to bring in windows policies I ran: samba-tool gpo admxload -U
>> Administrator --admx-dir=./Program\ Files/Microsoft\ Group\
>> Policy/Windows\ 11\ September\ 2022\ Update\
\(22H2\)/PolicyDefinitions/
>>
>> and GNOME policies disappear, they are still in sysvol, but no longer
>> appear in GPO editor
>>
>> root at nc1:~# ls -l
>> /var/lib/samba/sysvol/carlson.lab/Policies/PolicyDefinitions/GN*
>> -rwxrwx---+ 1 3000000 users 7748 Oct 24 15:44
>> '/var/lib/samba/sysvol/carlson.lab/Policies/PolicyDefinitions/GNOME
>> Settings.admx'
>> root at nc1:~# ls -l
>> /var/lib/samba/sysvol/carlson.lab/Policies/PolicyDefinitions/en-US/GN*
>> -rwxrwx---+ 1 3000000 users 9614 Oct 24 15:44
>>
'/var/lib/samba/sysvol/carlson.lab/Policies/PolicyDefinitions/en-US/GNOME
>> Settings.adml'
>>
>>
>>
>> On 10/21/22 09:10, David Mulder via samba wrote:
>>>
>>> On 10/21/22 10:03 AM, Peter Carlson via samba wrote:
>>>> Here is some preliminary testing with samba linux gpo.
>>>>
>>>> *Password and Security:*
>>>> Computer Configuration > Policies > OS Settings >
Security Settings
>>>> > Account Policy
>>>> OS Settings doesn't exist
>>>>
>>>> *GNOME:*
>>>> I cant find any gnome settings in RSAT
>>>
>>> You have to install the templates using the command `samba-tool gpo
>>> admxload --admx-dir=/location/of/templates` and specify the
location
>>> of the GNOME Settings admx templates. See the samba source in
>>> libgpo/admx. You can also install the chrome and firefox templates
>>> to administer these:
>>>
>>> https://github.com/mozilla/policy-templates/releases
>>> https://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip
>>>
>>>>
>>>> *sudo:*
>>>> GPO: Linux Sudo
>>>> All Tests performed with samba-gpupdate --force --rsop
>>>> step 1: add Domain Users as sudo, that generated gp_syvdg6p6
with
>>>> Domain Users in it
>>>>
>>>> step 2: change policy to Linux Users.? That generated a new gp
file
>>>> gp_rjdmvvow with Linux Users? (now there are 2 files)
>>>>
==============================================================================================================================
>>>>
>>>> ? CSE: gp_sudoers_ext
>>>>
--------------------------------------------------------------------------------------------
>>>>
>>>> ??? Policy Type: Sudo Rights
>>>>
--------------------------------------------------------------------------------------------
>>>>
>>>> ??? [ %SDCP\\Linux\x20Users ALL=(ALL) NOPASSWD: ALL ]
>>>>
--------------------------------------------------------------------------------------------
>>>>
>>>>
>>>> step 3: change policy to Linux Test.? That did nothing.
gp_rjdmvvow
>>>> still contains Linux Users
>>>> GPO: Linux Sudo
>>>>
==============================================================================================================================
>>>>
>>>> ? CSE: gp_sudoers_ext
>>>>
--------------------------------------------------------------------------------------------
>>>>
>>>> ??? Policy Type: Sudo Rights
>>>>
--------------------------------------------------------------------------------------------
>>>>
>>>> ??? [ %SDCP\\Linux\x20Test ALL=(ALL) NOPASSWD: ALL ]
>>>>
--------------------------------------------------------------------------------------------
>>>>
>>>>
--------------------------------------------------------------------------------------------
>>>>
>>>>
>>>> After unlinking the policy, it no longer shows up in --rsop but
>>>> there are now 2 files
>>>>
>>>> root at xrdp:/etc/sudoers.d# ls -l gp*
>>>> -rw------- 1 root root 312 Oct 21 15:42 gp_rjdmvvow
>>>> -rw------- 1 root root 313 Oct 21 15:36 gp_syvdg6p6
>>>> root at xrdp:/etc/sudoers.d# cat gp*
>>>>
>>>> ### autogenerated by samba
>>>> #
>>>> # This file is generated by the gp_sudoers_ext Group Policy
>>>> # Client Side Extension. To modify the contents of this file,
>>>> # modify the appropriate Group Policy objects which apply
>>>> # to this machine. DO NOT MODIFY THIS FILE DIRECTLY.
>>>> #
>>>>
>>>> %SDCP\\Linux\x20Users ALL=(ALL) NOPASSWD: ALL
>>>>
>>>> ### autogenerated by samba
>>>> #
>>>> # This file is generated by the gp_sudoers_ext Group Policy
>>>> # Client Side Extension. To modify the contents of this file,
>>>> # modify the appropriate Group Policy objects which apply
>>>> # to this machine. DO NOT MODIFY THIS FILE DIRECTLY.
>>>> #
>>>>
>>>> %SDCP\\Domain\x20Users ALL=(ALL) NOPASSWD: ALL
>>>
>>> Did you run `samba-gpupdate --force` after unlinking the policy?
>>> Don't run `samba-gpupdate --force` with --rsop. RSoP is for
>>> displaying policy, not applying it.
>>>
>>> Also, worst case you can run `samba-gpupdate --unapply` to
>>> forcefully remove stuck policies.
>>>
> --
> David Mulder
> Labs Software Engineer, Samba
> SUSE
> 1221 S Valley Grove Way, Suite 500
> Pleasant Grove, UT 84062
> (P)+1 385.208.2989
> dmulder at suse.com
> http://www.suse.com