Ubuntu
adsys package

  1. Jammy (22.04)
  2. Bug #2059756
  3. Comment #34

Comment 34 for bug 2059756

Revision history for this message
Gabriel Nagy (gabuscus) wrote :

I have validated the new adsys in Jammy using the following steps:
1. Join Jammy client to AD test domain where GPOs are configured
2. Install adsys from proposed
3. Apply user and machine policies (assert non-Pro policy managers)
4. Attach Jammy client to Ubuntu Pro
5. Re-apply user and machine policies (assert Pro-only policy managers)

Below are the steps used:

Joined domain using the following command:

# realm join warthogs.biz -U localadmin -v --unattended <<<$AD_PASSWORD
     ...
  * Successfully enrolled machine in realm

Installed adsys using:
# apt install adsys/jammy-proposed --install-suggests
# apt-cache policy adsys
adsys:
  Installed: 0.14.1~22.04
  Candidate: 0.14.1~22.04
  Version table:
 *** 0.14.1~22.04 400
        400 http://archive.ubuntu.com/ubuntu jammy-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     0.9.2~22.04.2 500
        500 http://azure.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
     0.9.2~22.04.1 500
        500 http://azure.archive.ubuntu.com/ubuntu jammy-security/main amd64 Packages
     0.8.4 500
        500 http://azure.archive.ubuntu.com/ubuntu jammy/main amd64 Packages

Applied non-Pro policies:

# adsysctl update -m -v
INFO Downloading "e2e-jammy-fccb9151-computers-gpo"
INFO Downloading "assets"
INFO Applying policies for jammy-fccb9151 (machine: true)
WARNING Rules from the following policy types will be filtered out as the machine is not enrolled to Ubuntu Pro: privilege, scripts, mount, apparmor, proxy, certificate

jammy-fccb9151-usr$ adsysctl update -v
INFO GPO "e2e-jammy-fccb9151-users-gpo" is already up to date
INFO Assets directory is already up to date
INFO Applying policies for <email address hidden> (machine: false)
WARNING Rules from the following policy types will be filtered out as the machine is not enrolled to Ubuntu Pro: scripts, mount

Confirmed non-Pro policies have been applied (dconf/gdm):
# DCONF_PROFILE=gdm dconf read /org/gnome/login-screen/banner-message-text
'Sample banner text'

jammy-fccb9151-usr$ dconf read /org/gnome/shell/favorite-apps
['rhythmbox.desktop']

Confirmed Pro-only policies (e.g. certificate, mount) are not applied:
# getcert list
Number of certificates and requests being tracked: 0.

jammy-fccb9151-usr$ gio mount -l | grep warthogs.biz

Attached machine to Pro and re-applied user and machine policies:
# pro attach $UBUNTU_PRO_TOKEN --no-auto-enable
This machine is now attached to 'Ubuntu Pro - free personal subscription'

# adsysctl update -m -v
INFO GPO "e2e-jammy-fccb9151-computers-gpo" is already up to date
INFO Assets directory is already up to date
INFO Applying policies for jammy-fccb9151 (machine: true)
INFO Running machine startup scripts
INFO Certificate autoenrollment script ran successfully

jammy-fccb9151-usr$ adsysctl update -v
INFO GPO "e2e-jammy-fccb9151-users-gpo" is already up to date
INFO Assets directory is already up to date
INFO Applying policies for <email address hidden> (machine: false)

Confirmed Pro-only policies have now been applied:

# getcert list
root@jammy-fccb9151:~# getcert list
Number of certificates and requests being tracked: 1.
Request ID 'warthogs-CA.Machine':
 status: MONITORING
 stuck: no
 key pair storage: type=FILE,location='/var/lib/adsys/private/certs/warthogs-CA.Machine.key'
 certificate: type=FILE,location='/var/lib/adsys/certs/warthogs-CA.Machine.crt'
 CA: warthogs-CA
 issuer: CN=warthogs-CA,DC=warthogs,DC=biz
 subject: CN=jammy-fccb9151
    ...

jammy-fccb9151-usr$ gio mount -l | grep warthogs.biz
Mount(0): user-mount-smb on warthogs.biz -> smb://warthogs.biz/user-mount-smb/
Mount(1): user-mount-nfs on warthogs.biz -> nfs://warthogs.biz/user-mount-nfs