On 1/6/23 8:11 AM, Dawson Greeley via samba wrote:> Hi, Im attempting to apply a few group policy settings but they dont seem
to be applying on the machine in question, or some settings I cannot see in the
GPME.
>
>
> 1. Settings applied to openssh dont seem to create the required config
files in /etc/ssh/sshd_config.d/ for ssh to actually pick up on these changes.
Is there a different location its applying these to that I can verify with?
Below is an example of what im trying to set just to see if it works
>
> CSE: vgp_openssh_ext
>
-------------------------------------------------------------------------------------
> Policy Type: VGP/Unix Settings/OpenSSH
>
-------------------------------------------------------------------------------------
> [ PermitRootLogon ] = yes
>
-------------------------------------------------------------------------------------
>
-------------------------------------------------------------------------------------
See chapter 18 in the Group Policy book:
https://dmulder.github.io/group-policy-book/openssh.html#client-side-extension-13
It should be creating the file in /etc/ssh/sshd_config.d/, but the
contents of the cache will tell you exactly where.
Have you configured automatic refresh, or manually applied the settings?
https://dmulder.github.io/group-policy-book/policy-refresh.html
If you don't have policy refresh enabled, then you wont see the policy
applied to the machine.
> 2. In GPME I do not see 'Computer Configuration > Policies >
Administrative Templates > Samba > GNOME' when editing my policy with
the default samba admx template that was loaded via 'samba-tool gpo admxload
-U Administrator". Not quite sure how to go about debugging why its not
there since the wiki just says that its with the default template is loaded.
Does it matter that I already had windows admx templates installed then
installed samba admx templates after the fact?
See the instructions on how to install the ADMX templates
(Administrative Templates):
https://dmulder.github.io/group-policy-book/install-admx.html#install-admx-samba
If you've already installed them, then you should know there is actually
a bug. GPMC doesn't read templates with a space ' ' in the name.
Rename
'libgpo/admx/GNOME Settings.admx' and 'libgpo/admx/en-US/GNOME
Settings.adml' to use an underscore instead of a space. This is already
fixed in Samba master. Perhaps we should backport this?
Like this:
libgpo/admx/GNOME_Settings.admx
libgpo/admx/en-US/GNOME_Settings.adml
--
David Mulder
Labs Software Engineer, Samba
SUSE
1221 S Valley Grove Way, Suite 500
Pleasant Grove, UT 84062
(P)+1 385.208.2989
dmulder at suse.com
http://www.suse.com