Giter Club home page Giter Club logo

gpupdate's People

Contributors

danila-skachedubov avatar mastersin avatar sokolovvaly avatar valerasin avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

veritasvestas ekorneechev rbapin sibskull gochankot kubilaycagri alenka26 yamah-byv abramovav64 jdeshin serg-sg sokolovvaly danila-skachedubov alxvmr liannnix ravigehlot olgakamaeva

gpupdate's Issues

Group policies for CD/DVD with underscore symbol ( _ ) not working

In ADMX the plus symbols (+) in names of controls for CD/DVD are replaced with the underscore symbol ( _ ). In this form they come to gpupdate. The gpupdate tries to set up controls named with underscore symbol ( _ ) and it does not lead to the expected result. It is necessary to replace underscore symbol ( _ ) with plus symbol (+) for these controls

Проблема со скриптами Startup/Shutdown

Скрипты запуска дублируются в скрипты завершения: каталог /var/cache/gpupdate_scripts_cache/machine/STARTUP равен каталогу /var/cache/gpupdate_scripts_cache/machine/SHUTDOWN, хотя в доменной политике не заданы Shutdown-скрипты

Need storage implemented as a D-Bus service

It was considered easier to implement D-Bus service in "your language of choice" instead of wrapping some code in C and attempting to implement bindings for as much programming languages as possible.

Выполнение произвольного скрипта

Просьба реализовать возможность выполнения скриптов. Аналоги для WIndows в папках политик:

\User\Scripts\Logon
\User\Scripts\Logoff
\Machine\Scripts\Startup
\Machine\Scripts\Shutdown

org.freedesktop.DBus.Error.NoReply | an error often occurs (40-50%) 

ssh username@alt-test-01l

username@alt-test-01l's password: 
org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Last login: Thu Aug 26 10:34:01 2021 from 10.61.52.7

Why?

Ярлыки на рабочий стол

Возможно уже реализовано в shortcut_applier.py, тогда хотелось бы увидеть описание настройки через RSAT.

ошибка при запуске

При запуске выскакивает следующая ошибка
Apply group policies for computer.
Traceback (most recent call last):
File "/usr/sbin/gpoa", line 131, in
main()
File "/usr/sbin/gpoa", line 128, in main
controller.run()
File "/usr/sbin/gpoa", line 90, in run
self.start_backend()
File "/usr/sbin/gpoa", line 106, in start_backend
back.retrieve_and_store()
File "/usr/lib/python3/site-packages/gpoa/backend/samba_backend.py", line 71, in retrieve_and_store
gptobj.merge()
File "/usr/lib/python3/site-packages/gpoa/gpt/gpt.py", line 183, in merge
util.preg.merge_polfile(self._user_regpol, self.machine_sid)
AttributeError: 'gpt' object has no attribute 'machine_sid'

Cache row mapping error

The bug looks like: Backend execution error: Could not evaluate current criteria in Python: "Can't evaluate criteria against alternate class <class 'storage.record_types.samba_hkcu_preg'>". Specify 'fetch' or False for the synchronize_session parameter.

The log:

...
eading and merging registry.pol for S-1-5-21-1609667327-4120075585-2415302043-1109
2020-06-25 21:15:42:Loading PReg from .pol file: /var/cache/gpupdate/local-policy/Machine/Registry.pol
2020-06-25 21:15:42:Adding HKCU entry for S-1-5-21-1609667327-4120075585-2415302043-1109
2020-06-25 21:15:42:Adding HKCU entry for S-1-5-21-1609667327-4120075585-2415302043-1109
2020-06-25 21:15:42:Adding HKCU entry for S-1-5-21-1609667327-4120075585-2415302043-1109
2020-06-25 21:15:42:Adding HKCU entry for S-1-5-21-1609667327-4120075585-2415302043-1109
2020-06-25 21:15:42:Adding HKCU entry for S-1-5-21-1609667327-4120075585-2415302043-1109
2020-06-25 21:15:42:Adding HKCU entry for S-1-5-21-1609667327-4120075585-2415302043-1109
2020-06-25 21:15:42:Adding HKCU entry for S-1-5-21-1609667327-4120075585-2415302043-1109
2020-06-25 21:15:42:Adding HKCU entry for S-1-5-21-1609667327-4120075585-2415302043-1109
2020-06-25 21:15:42:Merging machine settings from /var/cache/gpupdate/local-policy/Machine/Registry.pol
2020-06-25 21:15:42:Loading PReg from .pol file: /var/cache/gpupdate/local-policy/Machine/Registry.pol
2020-06-25 21:15:42:Loaded PReg /var/cache/gpupdate/local-policy/Machine/Registry.pol
Reading and merging registry.pol for S-1-5-21-1609667327-4120075585-2415302043-1109
2020-06-25 21:15:42:Loading PReg from .pol file: /var/cache/samba/gpo_cache/DOMAIN.ALT/POLICIES/{97146AB9-1DCB-47FD-AD8B-0B2FA4E5153D}/MACHINE/REGISTRY.POL
2020-06-25 21:15:42:Adding HKCU entry for S-1-5-21-1609667327-4120075585-2415302043-1109
2020-06-25 21:15:42:Merging machine(user) settings from /var/cache/samba/gpo_cache/DOMAIN.ALT/POLICIES/{97146AB9-1DCB-47FD-AD8B-0B2FA4E5153D}/MACHINE/REGISTRY.POL
2020-06-25 21:15:42:Loading PReg from .pol file: /var/cache/samba/gpo_cache/DOMAIN.ALT/POLICIES/{97146AB9-1DCB-47FD-AD8B-0B2FA4E5153D}/USER/REGISTRY.POL
2020-06-25 21:15:42:Loaded PReg /var/cache/samba/gpo_cache/DOMAIN.ALT/POLICIES/{97146AB9-1DCB-47FD-AD8B-0B2FA4E5153D}/USER/REGISTRY.POL
2020-06-25 21:15:42:Adding HKCU entry for S-1-5-21-1609667327-4120075585-2415302043-1109
2020-06-25 21:15:42:Backend execution error: Could not evaluate current criteria in Python: "Can't evaluate criteria against alternate class <class 'storage.record_types.samba_hkcu_preg'>". Specify 'fetch' or False for the synchronize_session parameter.
2020-06-25 21:15:42:Username for frontend is set to root
2020-06-25 21:15:42:Error getting SID using wbinfo, will use cached SID: local-root
2020-06-25 21:15:42:Working with SID: local-root
2020-06-25 21:15:42:Deny_All setting not found
2020-06-25 21:15:42:Deny_All setting not found
2020-06-25 21:15:42:Applying computer part of settings
Running machine applier control
2020-06-25 21:15:42:Working with control sshd-gssapi-auth
2020-06-25 21:15:42:Working with control ssh-gssapi-auth
2020-06-25 21:15:42:Working with control sshd-allow-groups
2020-06-25 21:15:42:Working with control sshd-allow-groups-list
2020-06-25 21:15:42:Setting control sshd-gssapi-auth to enabled
2020-06-25 21:15:42:Setting control ssh-gssapi-auth to enabled
2020-06-25 21:15:42:Setting control sshd-allow-groups to enabled
2020-06-25 21:15:42:Setting control sshd-allow-groups-list to remote
Running machine applier polkit
...

ALT build warnings

https://bugzilla.altlinux.org/show_bug.cgi?id=35053#c37

warning: File listed twice: /usr/lib/python3/site-packages/gpoa/gpoa
warning: File listed twice: /usr/lib/python3/site-packages/gpoa/gpupdate
warning: File listed twice: /usr/lib/python3/site-packages/gpoa/gpupdate-setup
warning: Macro %python3_sitelibdir not found
warning: absolute symlink: /usr/src/tmp/gpupdate-buildroot/usr/bin/gpupdate -> /usr/lib/python3/site-packages/gpoa/gpupdate
warning: absolute symlink: /usr/src/tmp/gpupdate-buildroot/usr/sbin/gpoa -> /usr/lib/python3/site-packages/gpoa/gpoa
warning: absolute symlink: /usr/src/tmp/gpupdate-buildroot/usr/sbin/gpupdate-setup -> /usr/lib/python3/site-packages/gpoa/gpupdate-setup

CA certificates

Просьба реализовать установку корневого сертификата сайта для браузеров.
В ADP реализовано (аналог applier) так. Возможно есть более изощренный способ, а сертификаты возможно получится искать в стандартном месте ГП для Windows.

get_user_dir возвращает значения с нераскрытыми переменными среды окружения

Например, DESKTOP ­— "$HOME/Рабочий стол"
Требуется раскрывать переменные среды окружения типа $HOME. Лучше не самим парсить, а воспользоваться готовыми программами:

import subprocess
subprocess.check_output(['xdg-user-dir', 'DESKTOP']).decode()
'/home/TEST.ALT/ho/Рабочий стол\n'

gpupdate, default realm и все что с этим связано

AltLinux Workstation 9.x
Огромное количество вопосов по функционированию gpupdate. Начну с самого начала.

Последние обновления всего. Введен в домен, авторизация работает, билеты получает.

Вхожу доменным юзером, смотрю билет

$ klist
Ticket cache: KEYRING:persistent:215651267:krb_ccache_0AIVo0K
Default principal: *****@*****.LOCAL

Valid starting       Expires              Service principal
18.08.2021 11:53:39  18.08.2021 21:53:39  krbtgt/*****.LOCAL@*****.LOCAL
        renew until 25.08.2021 11:53:39

выдан, все хорошо.

Имя машины ALT-TEST-01L, это и хостнейм и в домен введена пож этим именем
Смотрю, что есть

Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 host/alt-test-01l.*****[email protected] (aes256-cts-hmac-sha1-96) 
   3 host/ALT-TEST-01L@*****.LOCAL (aes256-cts-hmac-sha1-96) 
   3 host/alt-test-01l.*****.local@*****.LOCAL (aes128-cts-hmac-sha1-96) 
   3 host/ALT-TEST-01L@*****.LOCAL (aes128-cts-hmac-sha1-96) 
   3 host/alt-test-01l.*****.local@*****.LOCAL (arcfour-hmac) 
   3 host/ALT-TEST-01L@*****.LOCAL (arcfour-hmac) 
   3 ALT-TEST-01L$@*****.LOCAL (aes256-cts-hmac-sha1-96) 
   3 ALT-TEST-01L$@*****.LOCAL (aes128-cts-hmac-sha1-96) 
   3 ALT-TEST-01L$@*****.LOCAL (arcfour-hmac)

все замечательно. Идем дальше. Включаем gpupdate

/usr/sbin/gpupdate-setup write enable workstation

Смотрим, что и как работает

$ sudo gpoa --loglevel 0
2021-08-18 11:54:13.213|[D00001]| Произведён запуск GPOA для обновления политик пользователя|{"username": "root", "uid": 0}
2021-08-18 11:54:13.214|[D00002]| Имя пользователя не указано - будет использовано имя владельца процесса|{"username": "root"}
2021-08-18 11:54:13.215|[D00015]| Определено имя пользователя для фронтенда|{"username": "root"}
2021-08-18 11:54:13.216|[D00003]| Инициализация плагинов|{}
2021-08-18 11:54:13.217|[D00004]| Инициализирован плагин ADP|{}
2021-08-18 11:54:13.218|[D00005]| Запущен плагин ADP|{}
2021-08-18 11:54:14.413|[D00018]| Имя домена Active Directory успешно определено при запросе к LDAP|{"domain": "adm72.local"}
2021-08-18 11:54:14.414|[D00009]| Инициализация бэкэнда Samba|{"domain": "*****.local"}
kinit: Configuration file does not specify default realm when parsing name ALT-TEST-01L$
2021-08-18 11:54:14.427|[E00007]| Невозможно инициализировать бэкэнд Samba|{"error": "kinit is not successful"}

не запускается, что-то в сторону default realm.. смотрим /etc/krb5.conf

Он полностью дефолтный, default_realm за коментирован.

$ cat /etc/krb5.conf
includedir /etc/krb5.conf.d/

[logging]
# default = FILE:/var/log/krb5libs.log
# kdc = FILE:/var/log/krb5kdc.log
# admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 dns_lookup_kdc = true
 dns_lookup_realm = true
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
# default_realm = EXAMPLE.COM
 default_ccache_name = KEYRING:persistent:%{uid}

[realms]
# EXAMPLE.COM = {
#  default_domain = example.com
# }

[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM

Пишу свой realm, т.е. правлю 1 строку, получаю

[logging]
# default = FILE:/var/log/krb5libs.log
# kdc = FILE:/var/log/krb5kdc.log
# admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 dns_lookup_kdc = true
 dns_lookup_realm = true
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
 default_realm = *****.LOCAL
 default_ccache_name = KEYRING:persistent:%{uid}

[realms]
# EXAMPLE.COM = {
#  default_domain = example.com
# }

[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM

Смотрим, что и как работает снова

$ sudo gpoa --loglevel 0

процесс пошел.. вытягиваются гр. политики.. несколько экранов строк, все с виду ок..
немного напрягает в конце строка..

2021-08-18 12:09:45.640|[E00024]| Ошибка во время работы applier для машины|{"applier_name": "ntp", "msg": "'NoneType' object has no attribute 'data'"}

но пока не до нее, пропускаем.

Отключаюсь от машины. Захожу снова. Локально в графике, или через ssh не суть. Авторизация проходит, хотя было пару раз

org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.

идем дальше..

$ klist
klist: Credentials cache keyring 'persistent:215651267:krb_ccache_BcE7JOk' not found

если сильно долго ждать.. минут 5-10, то klist отработает нормально
Если закомментировать обратно в /etc/krb5.conf строку default_realm, сработает сразу.

Если нужен конфиг sssd.conf то вот он

$ sudo cat  /etc/sssd/sssd.conf

[sssd]
config_file_version = 2
user = root
domains = *****.LOCAL
services = pam,nss

[nss]

[pam]

[domain/ADM72.LOCAL]
  id_provider = ad
  auth_provider = ad
  chpass_provider = ad
  default_shell = /bin/bash
  fallback_homedir = /home/%d/%u
  ad_server = dc2-*****.*****.local
  ad_backup_server = _srv_
  cache_credentials = true
  debug_level = 2
  ad_site = IPС-*****
  ad_gpo_map_service = +xrdp-sesman

т.е. либо получать нормально билеты, либо использовать gpupdate. Что я делаю не так?

Samba pygpo regression

There are problem got from samba gpo python binding (reproduced on samba 4.11 and later release):

admin@gp ~ $ gpupdate 
DEBUG:root:2020-05-15 23:33:38:Target is: All
ERROR:root:Unable to perform gpupdate for None with current permissions, will update current user settings
DEBUG:root:Starting gpupdate via D-Bus
INFO:root:2020-05-15 23:33:38:Starting GPO applier for computer via D-Bus
DEBUG:root:2020-05-15 23:33:39:Exit code is 0
Setting log level to ERROR
Apply group policies for computer.
2020-05-15 23:33:38:adp is not installed - plugin cannot be initialized
ERROR: talloc_free with references at ../../libgpo/pygpo.c:481
        reference at ../../pytalloc_util.c:164
        reference at ../../pytalloc_util.c:164
        reference at ../../pytalloc_util.c:164
        reference at ../../pytalloc_util.c:164
        reference at ../../pytalloc_util.c:164
        reference at ../../pytalloc_util.c:164
        reference at ../../pytalloc_util.c:164

Processing output during login

At version 0.8.1 login via ssh if domain is not available looks like this:

[sin@base ~]$ ssh eth.xpi
{'file': '/usr/sbin/gpoa', 'line': 120, 'name': 'start_backend', 'type': 'NTSTATUSError', 'message': NTSTATUSError(3221225524, 'The object name is not found.')}
<class 'dict'>
Apply group policies for sin.
Last login: Sun Sep 13 14:42:17 2020 from 10.64.255.9

I think that processing is required here and the output should be made something like this:

[sin@base ~]$ ssh eth.xpi
Access to samba domain failed. Apply group policies for sin from local cache.
Last login: Sun Sep 13 14:42:17 2020 from 10.64.255.9

No automatic enabling of gpupdate-user service for users

At the moment - gpupdate-user.service is not started by default so you have to enable it manually. It is needed to enable this unit when doing bootstrap using nodomain_backend and local-policy. I don't know how to invoke systemctl --global enable gpupdate-user via D-Bus so I'll be glad to hear any ideas.

D-Bus timeout error: Did not receive a reply

gpupdate not working on AD domain, because of 25-second reply limit on dbus.

DEBUG:root:2020-07-14 10:14:25:Target is: All
ERROR:root:Unable to perform gpupdate for None with current permissions, will update current user settings
DEBUG:root:Starting gpupdate via D-Bus
INFO:root:2020-07-14 10:14:25:Starting GPO applier for computer via D-Bus
ERROR:root:2020-07-14 10:14:50:No reply from oddjobd gpoa runner for computer
ERROR:root:Error running GPOA for computer: org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.

GPOA:

# time gpoa
Setting log level to ERROR
2020-07-14 10:39:40:adp is not installed - plugin cannot be initialized
ERROR: talloc_free with references at ../../libgpo/pygpo.c:481
        reference at ../../pytalloc_util.c:164
        ...
        reference at ../../pytalloc_util.c:164
2.69user 0.74system 1:20.26elapsed 4%CPU (0avgtext+0avgdata 79028maxresident)k
0inputs+27736outputs (0major+42196minor)pagefaults 0swaps

Similar issue: https://bugzilla.redhat.com/show_bug.cgi?id=1085491

Questions about shortcuts policy

On AD side, create test group policy - Shortcut policy and Shortcut policy for users. User's shortcuts with 'u' prefix in name

_2021-08-18_12-24

run sudo gpoa --loglevel 0
i see xml definitions of shortcuts policy (for computer and users)
...
2021-08-18 12:27:14.223|[D00024]| Поиск настроек в машинной части GPT|{"setting": "shortcuts", "prefpath": "/var/cache/samba/gpo_cache/ADM72.LOCAL/POLICIES/{A57FEC51-4AE8-4A96-BBAF-EA4D5D85B3B6}/MACHINE/PREFERENCES/SHORTCUTS/SHORTCUTS.XML"}
2021-08-18 12:27:14.224|[D00023]| Поиск настроек в пользовательской части GPT|{"setting": "shortcuts", "prefpath": "/var/cache/samba/gpo_cache/ADM72.LOCAL/POLICIES/{A57FEC51-4AE8-4A96-BBAF-EA4D5D85B3B6}/USER/PREFERENCES/SHORTCUTS/SHORTCUTS.XML"}
..

At now I see desktop files (from computer's policy) in /etc/skel/Desktop/

ls -1 /etc/skel/Desktop/
Geany2.desktop
Geany.desktop
geany_wo_icon.desktop
'Редактор NotepadQQ.desktop'

First question: Files from /etc/skel/Desktop/ apply to first user login when home created. Not for exist users.
Second question: Where is shortcuts for users (winth u prefix)? They are nowhere to be found, and on the desktop too.

kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed 

2020-06-29 13:31:31:Cache directory is: /var/cache/samba
kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed for ldap/dc0.domain.alt with user[GP$] realm[DOMAIN.ALT]: Invalid credentials
2020-06-29 13:31:31:Unable to get GPO list for GP$ from dc0.domain.alt: ads_connect() failed: Invalid credentials
2020-06-29 13:31:31:Unable to refresh GPO list for GP$ from dc0.domain.alt
update_gpos (3221225581, 'The attempted logon is invalid. This is either due to a bad username or authentication information.')
2020-06-29 13:31:31:Backend execution error: (3221225581, 'The attempted logon is invalid. This is either due to a bad username or authentication information.')
2020-06-29 13:31:31:Username for frontend is set to administrator

gpupdate use hostname instead netbios name

My hostname like this altp9-ansible-node100
But netbios name in smb.conf altp9-ansible-1
gpupdate tried use altp9-ansible-node100 , - it's wrong
right way get from smb,conf
grep -iP 'netbios\s+name\s+=' /etc/samba/smb.conf | awk -F '=' '{print $2}' | sed -r 's/^\s+|\s+$//g'

getpwuid failed

@mastersin triggeger a bug with error message looking like add_local_groups: SID S-1-5-21-1609667327-4120075585-2415302043-1109 -> getpwuid(10000) failed, is nsswitch configured?:

gp ~ # gpoa --loglevel 0
Setting log level to DEBUG
2020-06-25 21:23:55:The process was started for user root with UID 0
2020-06-25 21:23:55:Username is not specified - will use username of current process
2020-06-25 21:23:55:Username for frontend is set to root
Ticket cache: FILE:/var/cache/gpupdate/creds/krb5cc_16471
Default principal: [email protected]

Valid starting       Expires              Service principal
25.06.2020 21:23:37  26.06.2020 07:23:37  krbtgt/[email protected]
        renew until 02.07.2020 21:23:37

2020-06-25 21:23:55:Ticket check succeed
2020-06-25 21:23:55:Starting plugin manager
2020-06-25 21:23:55:adp is not installed - plugin cannot be initialized
2020-06-25 21:23:55:Found domain via CLDAP: domain.alt
Initialize Samba backend for domain: domain.alt
2020-06-25 21:23:55:Setting info domain:domain.alt
2020-06-25 21:23:55:Working with SID: S-1-5-21-1609667327-4120075585-2415302043-1109
2020-06-25 21:23:55:Setting info machine_name:GP$
2020-06-25 21:23:55:Setting info machine_sid:S-1-5-21-1609667327-4120075585-2415302043-1109
2020-06-25 21:23:55:Initializing cache sqlite:////var/cache/gpupdate/regpol_cache.sqlite
2020-06-25 21:23:55:Initializing cache sqlite:////var/cache/gpupdate/gpo_names.sqlite
2020-06-25 21:23:55:Cache directory is: /var/cache/samba
add_local_groups: SID S-1-5-21-1609667327-4120075585-2415302043-1109 -> getpwuid(10000) failed, is nsswitch configured?
2020-06-25 21:23:55:Unable to get GPO list for GP$ from dc0.domain.alt
2020-06-25 21:23:55:Username for frontend is set to root
2020-06-25 21:23:55:Error getting SID using wbinfo, will use cached SID: local-root
2020-06-25 21:23:55:Working with SID: local-root
2020-06-25 21:23:55:Deny_All setting not found
2020-06-25 21:23:55:Deny_All setting not found
2020-06-25 21:23:55:Applying computer part of settings
Running machine applier control
Running machine applier polkit
2020-06-25 21:23:55:Generated file /etc/polkit-1/rules.d/49-gpoa_disk_permissions.rules with arguments {'Deny_All': 0}
Running machine applier systemd
Running machine applier firefox
2020-06-25 21:23:55:Wrote Firefox preferences to /usr/lib64/firefox/distribution/policies.json
Running machine applier chromium
2020-06-25 21:23:55:Chromium policy 'HomepageLocation' set to about:blank
2020-06-25 21:23:55:Wrote Chromium preferences to /etc/chromium/policies/managed/policies.json
Running machine applier shortcuts
2020-06-25 21:23:55:No shortcuts to process for S-1-5-21-1609667327-4120075585-2415302043-1109
Running machine applier gsettings
Running machine applier cups
Running machine applier folders
Running machine applier package
Получено: 1 http://mirror.yandex.ru p9/branch/x86_64 release [1949B]
Получено: 2 http://mirror.yandex.ru p9/branch/x86_64-i586 release [1175B]
Получено: 3 http://mirror.yandex.ru p9/branch/noarch release [1539B]
Получено: 4 http://git.altlinux.org repo/241549/x86_64 release [1189B]
Получено: 5 http://git.altlinux.org repo/241549/x86_64-i586 release [1164B]
Получено: 6 http://git.altlinux.org repo/253112/x86_64 release [1189B]
Получено: 7 http://git.altlinux.org repo/253112/x86_64-i586 release [1164B]
Получено 9369B за 0s (76,6kB/s).
Найдено http://mirror.yandex.ru p9/branch/x86_64/classic pkglist
Найдено http://git.altlinux.org repo/241549/x86_64/task pkglist
Найдено http://mirror.yandex.ru p9/branch/x86_64/classic release
Найдено http://mirror.yandex.ru p9/branch/x86_64-i586/classic pkglist
Найдено http://mirror.yandex.ru p9/branch/x86_64-i586/classic release
Найдено http://mirror.yandex.ru p9/branch/noarch/classic pkglist
Найдено http://mirror.yandex.ru p9/branch/noarch/classic release
Найдено http://git.altlinux.org repo/241549/x86_64/task release
Найдено http://git.altlinux.org repo/241549/x86_64-i586/task pkglist
Найдено http://git.altlinux.org repo/241549/x86_64-i586/task release
Найдено http://git.altlinux.org repo/253112/x86_64/task pkglist
Найдено http://git.altlinux.org repo/253112/x86_64/task release
Найдено http://git.altlinux.org repo/253112/x86_64-i586/task pkglist
Найдено http://git.altlinux.org repo/253112/x86_64-i586/task release
Чтение списков пакетов... Завершено
Построение дерева зависимостей... Завершено
Other credential caches present, use -A to destroy all

The error is caused by UID mapping mismatch because there is no idmap configured in smb.conf. The mapping should look like this:

        idmap config * : range = 10000-20000000
        idmap config * : backend = tdb

Implementation of ability to send logs to syslog collector

There is a thing called "syslog collector" or "syslog server" which collects logging data from all the applications in the enterprise infrastructure. The data may be later forwarded to services like Zabbix, Splunk, Graylog and others alike for analysis. The analysis may be performed, for example, to notify system administrators of GPO application failures. It also allows to gather all the necessary information without interacting with users or their machines asking to provide additional information.

The starting point I believe is setting up simple syslog server daemon like syslog-ng or rsyslog. From gpupdate codebase point of view it is needed to implement configuration file option to specify host and port for logging and add Python logger for syslog which must be activated on option presence.

Возможно ли собрать эту утилиту НЕ на alt linux?

Пытался собрать на другом дистрибутиве linux но на этапе сборки спотыкается на том , что нужна утилита control
а эта утилита я так понимаю чисто альтовская и исходников ее я не нашел, чтобы собрать. выходит будет работать только на alt linux?

Ошибка применения настройки Proxy Setting браузера Mozilla Firefox

Возникает ошибка применения настройки групповой политики расположенной в ветке Mozilla->Firefox->Proxy Setting
После применения политики на компьютере, при открытии браузера и перехода на страницу: about:policies#errors отображается сообщение "Invalid parameters specified for Proxy." Политика настройки прокси не применяется.

В файле /etc/firefox/policies/policies.json после применения политики присутствует следующее содержимое:

{"policies": {"Proxy": {"AutoConfigURL": "http://proxy.com/", "AutoLogin": false, "FTPProxy": "", "HTTPProxy": "", "Locked": true, "Mode": "autoConfig", "Passthrough": "", "SOCKSProxy": "", "SOCKSVersion": null, "SSLProxy": "", "UseHTTPProxyForAllProtocols": false, "UseProxyForDNS": false}, "SecurityDevices": {"PKS": "/usr/lib64/onepin-opensc-pkcs11.so"}}}

Если изменить "SOCKSVersion": null на "SOCKSVersion": 4 или 5, то настройки прокси сервера в браузере применяются без ошибок. Содержимое корректного файла ниже:

{"policies": {"Proxy": {"AutoConfigURL": "http://proxy.com/", "AutoLogin": false, "FTPProxy": "", "HTTPProxy": "", "Locked": true, "Mode": "autoConfig", "Passthrough": "", "SOCKSProxy": "", "SOCKSVersion": 5, "SSLProxy": "", "UseHTTPProxyForAllProtocols": false, "UseProxyForDNS": false}, "SecurityDevices": {"PKS": "/usr/lib64/onepin-opensc-pkcs11.so"}}}

В описании настройки политики "Proxy Setting" есть примечание "Из-за ошибки необходимо выбрать значение для версии прокси SOCKS.
Вероятно значение этого параметра не может быть пустым.

Версия браузера: Mozilla Firefox for Alt Linux 91.10.0esr (64-битный)
Версия политик: Firefox v3.10 https://github.com/mozilla/policy-templates/releases/tag/3.10

Версия gpupdate: 0.9.11.2-alt1

gpupdate-setup not work with emtpty profile

There are a problem found during testing new gpupdate with empty profile:

[root@dc ~]# gpupdate-setup write enable dmnet
dmnet
[root@dc ~]# echo $?
0
[root@dc ~]# gpupdate-setup 
disabled
[root@dc ~]# cat /usr/share/local-policy/dmnet/Machine/Registry.pol.xml 
<?xml version="1.0" encoding="utf-8"?>
<PolFile num_entries="0" signature="PReg" version="1">
</PolFile>

Next command runs in setup process:

/usr/sbin/control system-policy gpupdate
/usr/sbin/gpoa --nodomain --loglevel 5
systemctl --global enable gpupdate-user.service

But status of gpupdate enabled or disabled defines by gpupdate.service enabled (simply by /etc/systemd/system/multi-user.target.wants/gpupdate.service exists)

So, if nodomain bootstrap process not includes gpupdate.service enabling, successfully running of all steps of gpupdate-setup not enables gpupdate.service as needed. Also every separate step in setup process not checks result in command() method runs from python.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.