I have validated adsys in Mantic using the following steps:
1. Join Mantic client to AD test domain where GPOs are configured
2. Install adsys from proposed
3. Apply user and machine policies (assert non-Pro policy managers)
4. Attach Mantic client to Ubuntu Pro
5. Re-apply user and machine policies (assert Pro-only policy managers)
# adsysctl update -m -v
INFO Assets directory is already up to date
INFO GPO "e2e-mantic-b093-computers-gpo" is already up to date
INFO Applying policies for mantic-b093 (machine: true)
WARNING Rules from the following policy types will be filtered out as the machine is not enrolled to Ubuntu Pro: privilege, scripts, mount, apparmor, proxy, certificate
mantic-b093-usr$ adsysctl update -v
INFO GPO "e2e-mantic-b093-users-gpo" is already up to date
INFO Assets directory is already up to date
INFO Applying policies for <email address hidden> (machine: false)
WARNING Rules from the following policy types will be filtered out as the machine is not enrolled to Ubuntu Pro: scripts, mount
Confirmed non-Pro policies have been applied (dconf/gdm):
# DCONF_PROFILE=gdm dconf read /org/gnome/login-screen/banner-message-text
'Sample banner text'
Confirmed Pro-only policies (e.g. certificate, mount) are not applied:
# getcert list
Number of certificates and requests being tracked: 0.
mantic-b093-usr$ gio mount -l | grep warthogs.biz
Attached machine to Pro and re-applied user and machine policies:
# pro attach $UBUNTU_PRO_TOKEN --no-auto-enable
This machine is now attached to 'Ubuntu Pro - free personal subscription'
# adsysctl update -m -v
INFO GPO "e2e-mantic-b093-computers-gpo" is already up to date
INFO Assets directory is already up to date
INFO Applying policies for mantic-b093 (machine: true)
INFO Running machine startup scripts
INFO Certificate autoenrollment script ran successfully
mantic-b093-usr$ adsysctl update -v
INFO GPO "e2e-mantic-b093-users-gpo" is already up to date
INFO Assets directory is already up to date
INFO Applying policies for <email address hidden> (machine: false)
Confirmed Pro-only policies have now been applied:
# getcert list
root@mantic-b093:~# getcert list
Number of certificates and requests being tracked: 1.
Request ID 'warthogs-CA.Machine':
status: MONITORING
stuck: no
key pair storage: type=FILE,location='/var/lib/adsys/private/certs/warthogs-CA.Machine.key'
certificate: type=FILE,location='/var/lib/adsys/certs/warthogs-CA.Machine.crt'
CA: warthogs-CA
issuer: CN=warthogs-CA,DC=warthogs,DC=biz
subject: CN=mantic-b093
...
mantic-b093-usr$ gio mount -l | grep warthogs.biz
Mount(0): user-mount-smb on warthogs.biz -> smb://warthogs.biz/user-mount-smb/
Mount(1): user-mount-nfs on warthogs.biz -> nfs://warthogs.biz/user-mount-nfs
I have validated adsys in Mantic using the following steps:
1. Join Mantic client to AD test domain where GPOs are configured
2. Install adsys from proposed
3. Apply user and machine policies (assert non-Pro policy managers)
4. Attach Mantic client to Ubuntu Pro
5. Re-apply user and machine policies (assert Pro-only policy managers)
Below are the steps used:
Joined domain using the following command:
# realm join warthogs.biz -U localadmin -v --unattended <<<$AD_PASSWORD
...
* Successfully enrolled machine in realm
Installed adsys using: proposed --install-suggests archive. ubuntu. com/ubuntu mantic- proposed/ main amd64 Packages dpkg/status 13.1ubuntu0. 1 500 azure.archive. ubuntu. com/ubuntu mantic-updates/main amd64 Packages azure.archive. ubuntu. com/ubuntu mantic- security/ main amd64 Packages azure.archive. ubuntu. com/ubuntu mantic/main amd64 Packages
# apt install adsys/mantic-
# apt-cache policy adsys
adsys:
Installed: 0.14.1~23.10.1
Candidate: 0.14.1~23.10.1
Version table:
*** 0.14.1~23.10.1 400
400 http://
100 /var/lib/
0.
500 http://
500 http://
0.13.1 500
500 http://
Applied non-Pro policies:
# adsysctl update -m -v b093-computers- gpo" is already up to date
INFO Assets directory is already up to date
INFO GPO "e2e-mantic-
INFO Applying policies for mantic-b093 (machine: true)
WARNING Rules from the following policy types will be filtered out as the machine is not enrolled to Ubuntu Pro: privilege, scripts, mount, apparmor, proxy, certificate
mantic-b093-usr$ adsysctl update -v b093-users- gpo" is already up to date
INFO GPO "e2e-mantic-
INFO Assets directory is already up to date
INFO Applying policies for <email address hidden> (machine: false)
WARNING Rules from the following policy types will be filtered out as the machine is not enrolled to Ubuntu Pro: scripts, mount
Confirmed non-Pro policies have been applied (dconf/gdm): login-screen/ banner- message- text
# DCONF_PROFILE=gdm dconf read /org/gnome/
'Sample banner text'
mantic-b093-usr$ dconf read /org/gnome/ shell/favorite- apps desktop' ]
['rhythmbox.
Confirmed Pro-only policies (e.g. certificate, mount) are not applied:
# getcert list
Number of certificates and requests being tracked: 0.
mantic-b093-usr$ gio mount -l | grep warthogs.biz
Attached machine to Pro and re-applied user and machine policies:
# pro attach $UBUNTU_PRO_TOKEN --no-auto-enable
This machine is now attached to 'Ubuntu Pro - free personal subscription'
# adsysctl update -m -v b093-computers- gpo" is already up to date
INFO GPO "e2e-mantic-
INFO Assets directory is already up to date
INFO Applying policies for mantic-b093 (machine: true)
INFO Running machine startup scripts
INFO Certificate autoenrollment script ran successfully
mantic-b093-usr$ adsysctl update -v b093-users- gpo" is already up to date
INFO GPO "e2e-mantic-
INFO Assets directory is already up to date
INFO Applying policies for <email address hidden> (machine: false)
Confirmed Pro-only policies have now been applied:
# getcert list CA.Machine' : location= '/var/lib/ adsys/private/ certs/warthogs- CA.Machine. key' location= '/var/lib/ adsys/certs/ warthogs- CA.Machine. crt' CA,DC=warthogs, DC=biz
root@mantic-b093:~# getcert list
Number of certificates and requests being tracked: 1.
Request ID 'warthogs-
status: MONITORING
stuck: no
key pair storage: type=FILE,
certificate: type=FILE,
CA: warthogs-CA
issuer: CN=warthogs-
subject: CN=mantic-b093
...
mantic-b093-usr$ gio mount -l | grep warthogs.biz biz/user- mount-smb/ biz/user- mount-nfs
Mount(0): user-mount-smb on warthogs.biz -> smb://warthogs.
Mount(1): user-mount-nfs on warthogs.biz -> nfs://warthogs.