This document describes how to manage winbind clients using Group Policy.
About Group Policy
Group Policy provides centralized management and configuration of operating system, application, and user settings. Policies are delivered to clients by listing them in LDAP, under groupPolicyContainer objects. These objects provide the gPCFileSysPath attribute, which points to policy information stored on the domains SYSVOL share.
Policies are enforced by winbind at a random interval between 90 and 120 seconds. Policies can be manually enforced using the
samba-gpupdate --force command.
Configuring Group Policy
Enabling Group Policy in Winbind
To enable Group Policy application in winbind, set the global option apply group policies to yes.
apply group policies = yes
Installing Samba ADMX Templates for the Group Policy Management Console
In order to configure Samba Group Policies, you must first install the ADMX templates provided by Samba.
samba-tool gpo admxload -UAdministrator
The samba-tool gpo admxload command copies the Samba ADMX templates to the <domain>/Policies/PolicyDefinitions directory on the SYSVOL share.