In that case Gregory is right, SSSD cares about the access control.
I thought that you were looking for this kind of functionality. Sorry for
misunderstanding...

Tom

On Tue, Sep 13, 2022 at 6:11 AM Gregory Carter <gjcart...@gmail.com> wrote:

> I wanted to point out exactly what sssd support is provided with regards
> to Active Directory.  Windows workstation/server management is not one of
> them and I think it is important people understand that.
>
> Most of the questions I get are around Windows configuration, and
> due to that confusion people think sssd magically translates Windows
> settings into compatible Linux equivalents.
>
> That is not the case.
>
> On Mon, Sep 12, 2022 at 5:54 PM 昭翰 任 <zhaohan....@hotmail.com> wrote:
>
>> Thanks Tomáš & Gregory for your response
>>
>> You are right, sssd has some GPO related settings (e.g.
>> ad_gpo_access_control/ad_gpo_implicit_deny/ad_gpo_cache_timeout/...),
>> however they are for access control, not what I want. What I want is
>> customized GPO settings that AD could refresh/push to all the client side,
>> for example:
>>
>> I have an AD (winserver2012) and some clients (Win10, Ubuntu22.04). There
>> is an ADMX policy which defines the max DPI that could be used when
>> printing a document, and this ADMX policy has been deployed correctly on the
>> AD. What I expect is that when I change the max DPI value on the AD, both Win10
>> and Ubuntu (maybe stored somewhere on the disk?) could get the latest max
>> DPI I set up on AD.
>>
>> However I found Win10 could get the latest DPI value, but the Linux
>> system doesn't get any update.
>>
>> Does sssd support the scenario I described above?
>>
>> BRs
>>
>>
>> ------------------------------
>> *From:* Gregory Carter <gjcart...@gmail.com>
>> *Sent:* Monday, September 12, 2022 16:44
>> *To:* End-user discussions about the System Security Services Daemon <
>> sssd-users@lists.fedorahosted.org>
>> *Subject:* [SSSD-users] Re: AD refresh GPO to Ubuntu22.04
>>
>> Excellent, so please share with the list what windows settings I can use
>> GPO on from my Linux box.
>>
>> On Mon, Sep 12, 2022 at 2:44 AM Tomas Halman <thal...@redhat.com> wrote:
>>
>> There actually is GPO support in SSSD.
>>
>> Looking at the man page (sssd-ad), you have to use the "ad" provider and tune
>> a few options regarding GPO, particularly ad_gpo_access_control and
>> ad_gpo_implicit_deny.
>>
>> If it is not working for you, can you share the sssd.conf? Eventually you
>> can increase the SSSD debug_level and look into logs if there is something
>> wrong with GPO evaluation.
>>
>> HTH
>> Tomáš
>>
>> On Sat, Sep 10, 2022 at 2:53 AM Gregory Carter <gjcart...@gmail.com>
>> wrote:
>>
>> There is no such thing as a GPO for a LINUX box.
>>
>> That being said I use Puppet to do basically the same thing.  (i.e. Bring
>> LINUX, MAC, Windows to bear on a common LDAP policy schema I created to
>> enforce machine configurations, authentication and security policies.)
>>
>> On Fri, Sep 9, 2022 at 12:56 AM 任 昭翰 <zhaohan....@hotmail.com> wrote:
>>
>> Hi guys
>>
>> I have an Ubuntu22.04 client which is joined to an AD (winserver 2012) server
>> by sssd + realm. In the AD I have a customized GPO; is it possible for the
>> AD to refresh/push the GPO to the Ubuntu machine? I also have a win10 client
>> that is also joined to this AD, and the win10 client could receive the GPO update
>> successfully from the AD.
>> _______________________________________________
>> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
>> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
>> Fedora Code of Conduct:
>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>> https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
>> Do not reply to spam, report it:
>> https://pagure.io/fedora-infrastructure/new_issue
>>
>> --
>> Tomáš Halman
>>
>>
>


-- 
Tomáš Halman
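
The GPO options named in this thread, shown in context as an added example that is not part of the original messages or the posters' own configuration. The domain name ad.example.com and the chosen values are assumptions for illustration; the option names are those documented in the sssd-ad man page.

```ini
# /etc/sssd/sssd.conf (illustrative fragment; domain name is a placeholder)
[sssd]
services = nss, pam
domains = ad.example.com

[domain/ad.example.com]
id_provider = ad
# The GPO options below are only consulted when the access provider is "ad".
access_provider = ad

# What SSSD reads from a GPO is limited to the logon-right settings
# (e.g. "Allow log on locally" / "Deny log on locally"). It uses them to
# decide whether a user may log in through a given PAM service.
# Other policy content, such as a custom ADMX printing setting, is not
# applied to the Linux host by SSSD.
#   disabled   - GPO access rules are neither evaluated nor enforced
#   permissive - rules are evaluated and would-be denials are logged,
#                but access is never refused
#   enforcing  - rules are evaluated and enforced
ad_gpo_access_control = enforcing

# With False, a user is allowed when no applicable GPO is found.
# With True, access is granted only when a GPO rule explicitly allows it.
ad_gpo_implicit_deny = True

# Seconds between lookups of GPO policy files against the AD server.
ad_gpo_cache_timeout = 5

# Raised while troubleshooting GPO evaluation; the domain log is written
# under /var/log/sssd/.
debug_level = 6
```

Running in permissive mode first and reviewing the logged would-be denials before switching to enforcing avoids locking users out when an existing GPO is stricter than expected.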