diff options
author | David Mulder <dmulder@samba.org> | 2022-11-17 16:33:24 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2022-11-21 21:01:31 +0000 |
commit | ca5f8072a4c7be6fdebef494664a27bbd73340ff (patch) | |
tree | 14d4bd939a1673959ba7849f5ead4d74185b68b8 /python/samba/netcmd/gpo.py | |
parent | 9f6cf276e22b82601a81286fabeae5303f58339c (diff) | |
download | samba-ca5f8072a4c7be6fdebef494664a27bbd73340ff.tar.gz |
gp: PAM Access should implicitly deny ALL w/ allow
If an allow entry is specified, the PAM Access
CSE should implicitly deny ALL (everyone other
than the explicit allow entries).
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'python/samba/netcmd/gpo.py')
-rw-r--r-- | python/samba/netcmd/gpo.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py index 2bcee59bd93..9cd08273aaa 100644 --- a/python/samba/netcmd/gpo.py +++ b/python/samba/netcmd/gpo.py @@ -3815,7 +3815,8 @@ class cmd_add_access(Command): """Adds a VGP Host Access Group Policy to the sysvol This command adds a host access setting to the sysvol for applying to winbind -clients. +clients. Any time an allow entry is detected by the client, an implicit deny +ALL will be assumed. Example: samba-tool gpo manage access add {31B2F340-016D-11D2-945F-00C04FB984F9} allow goodguy example.com |