ubuntu / adsys

Active Directory bridging tool suite
GNU General Public License v3.0

Fix some policies content path being exported as capitalized "MACHINE" vs "Machine" for instance #346

Closed slapcat closed 2 years ago

slapcat commented 2 years ago

Description

ADSys cannot update GPOs on Jammy Jellyfish 22.04 because of misnamed folders. adsysctl expects the folders to be title cased (e.g. Machine), but they are uppercase (e.g. MACHINE). This prevents any GPOs from being applied.

Reproduction

  • Create GPO in AD and apply to computers/users. (Tested with default policy and brand new policy.) Example: disable terminal.
  • Restart and/or manually sync the client machine.
  • Login and attempt to open terminal.

Environment

ProblemType: Bug
ApportVersion: 2.20.11-0ubuntu82.1
Architecture: amd64
CasperMD5CheckResult: pass
Date: Fri Jun 10 18:18:16 2022
Dependencies:
 adduser 3.118ubuntu5
 apt 2.4.5
 apt-utils 2.4.5
 bind9-host 1:9.18.1-1ubuntu1.1
 bind9-libs 1:9.18.1-1ubuntu1.1
 ca-certificates 20211016
 cracklib-runtime 2.9.6-3.4build4
 dbus 1.12.20-2ubuntu4
 debconf 1.5.79ubuntu1
 debconf-i18n 1.5.79ubuntu1
 dirmngr 2.2.27-3ubuntu2
 distro-info 1.1build1
 distro-info-data 0.52ubuntu0.1
 dpkg 1.21.1ubuntu2.1
 file 1:5.41-3
 gcc-12-base 12-20220319-1ubuntu1
 gnupg 2.2.27-3ubuntu2
 gnupg-l10n 2.2.27-3ubuntu2
 gnupg-utils 2.2.27-3ubuntu2
 gpg 2.2.27-3ubuntu2
 gpg-agent 2.2.27-3ubuntu2
 gpg-wks-client 2.2.27-3ubuntu2
 gpg-wks-server 2.2.27-3ubuntu2
 gpgconf 2.2.27-3ubuntu2
 gpgsm 2.2.27-3ubuntu2
 gpgv 2.2.27-3ubuntu2
 init-system-helpers 1.62
 iso-codes 4.9.0-1
 ldap-utils 2.5.11+dfsg-1~exp1ubuntu3.1
 libacl1 2.3.1-1
 libapparmor1 3.0.4-2ubuntu2
 libapt-pkg6.0 2.4.5
 libassuan0 2.5.5-1build1
 libaudit-common 1:3.0.7-1build1
 libaudit1 1:3.0.7-1build1
 libavahi-client3 0.8-5ubuntu5
 libavahi-common-data 0.8-5ubuntu5
 libavahi-common3 0.8-5ubuntu5
 libbasicobjects0 0.6.2-1
 libblkid1 2.37.2-4ubuntu3
 libbsd0 0.11.5-1
 libbz2-1.0 1.0.8-5build1
 libc-ares2 1.18.1-1build1
 libc6 2.35-0ubuntu3
 libcap-ng0 0.7.9-2.2build3
 libcap2 1:2.44-1build3
 libcollection4 0.6.2-1
 libcom-err2 1.46.5-2ubuntu1.1
 libcrack2 2.9.6-3.4build4
 libcrypt1 1:4.4.27-1
 libcups2 2.4.1op1-1ubuntu4.1
 libdb5.3 5.3.28+dfsg1-0.8ubuntu3
 libdbus-1-3 1.12.20-2ubuntu4
 libdhash1 0.6.2-1
 libexpat1 2.4.7-1
 libffi8 3.4.2-4
 libgcc-s1 12-20220319-1ubuntu1
 libgcrypt20 1.9.4-3ubuntu3
 libglib2.0-0 2.72.1-1
 libglib2.0-data 2.72.1-1
 libgmp10 2:6.2.1+dfsg-3ubuntu1
 libgnutls30 3.7.3-4ubuntu1
 libgpg-error0 1.43-3
 libgpgme11 1.16.0-1.2ubuntu4
 libgpm2 1.20.7-10build1
 libgssapi-krb5-2 1.19.2-2
 libhogweed6 3.7.3-1build2
 libicu70 70.1-2
 libidn2-0 2.3.2-2build1
 libini-config5 0.6.2-1
 libipa-hbac0 2.6.3-1ubuntu3
 libjansson4 2.13.1-1.1build3
 libjson-c5 0.15-3~ubuntu1.22.04.1
 libjson-glib-1.0-0 1.6.6-1build1
 libjson-glib-1.0-common 1.6.6-1build1
 libk5crypto3 1.19.2-2
 libkeyutils1 1.6.1-2ubuntu3
 libkrb5-3 1.19.2-2
 libkrb5support0 1.19.2-2
 libksba8 1.6.0-2build1
 libldap-2.5-0 2.5.11+dfsg-1~exp1ubuntu3.1
 libldap-common 2.5.11+dfsg-1~exp1ubuntu3.1
 libldb2 2:2.4.2-0ubuntu1
 liblmdb0 0.9.24-1build2
 liblocale-gettext-perl 1.07-4build3
 liblz4-1 1.9.3-2build2
 liblzma5 5.2.5-2ubuntu1
 libmagic-mgc 1:5.41-3
 libmagic1 1:5.41-3
 libmaxminddb0 1.5.2-1build2
 libmd0 1.0.4-1build1
 libmount1 2.37.2-4ubuntu3
 libmpdec3 2.5.1-2build2
 libncursesw6 6.3-2
 libnettle8 3.7.3-1build2
 libnfsidmap1 1:2.6.1-1ubuntu1
 libnghttp2-14 1.43.0-1build3
 libnl-3-200 3.5.0-0.1
 libnl-route-3-200 3.5.0-0.1
 libnpth0 1.6-3build2
 libnsl2 1.3.0-2build2
 libnss-sss 2.6.3-1ubuntu3
 libp11-kit0 0.24.0-6build1
 libpam-modules 1.4.0-11ubuntu2
 libpam-modules-bin 1.4.0-11ubuntu2
 libpam-pwquality 1.4.4-1build2
 libpam-runtime 1.4.0-11ubuntu2
 libpam-sss 2.6.3-1ubuntu3
 libpam0g 1.4.0-11ubuntu2
 libpath-utils1 0.6.2-1
 libpcre2-8-0 10.39-3build1
 libpcre3 2:8.39-13ubuntu0.22.04.1
 libpolkit-gobject-1-0 0.105-33
 libpopt0 1.18-3build1
 libpwquality-common 1.4.4-1build2
 libpwquality1 1.4.4-1build2
 libpython3-stdlib 3.10.4-0ubuntu2
 libpython3.10 3.10.4-3
 libpython3.10-minimal 3.10.4-3
 libpython3.10-stdlib 3.10.4-3
 libreadline8 8.1.2-1
 libref-array1 0.6.2-1
 libsasl2-2 2.1.27+dfsg2-3ubuntu1
 libsasl2-modules 2.1.27+dfsg2-3ubuntu1
 libsasl2-modules-db 2.1.27+dfsg2-3ubuntu1
 libsasl2-modules-gssapi-mit 2.1.27+dfsg2-3ubuntu1
 libseccomp2 2.5.3-2ubuntu2
 libselinux1 3.3-1build2
 libsemanage-common 3.3-1build2
 libsemanage2 3.3-1build2
 libsepol2 3.3-1build1
 libsmartcols1 2.37.2-4ubuntu3
 libsmbclient 2:4.15.5~dfsg-0ubuntu5
 libsqlite3-0 3.37.2-2
 libssl3 3.0.2-0ubuntu1.2
 libsss-certmap0 2.6.3-1ubuntu3
 libsss-idmap0 2.6.3-1ubuntu3
 libsss-nss-idmap0 2.6.3-1ubuntu3
 libstdc++6 12-20220319-1ubuntu1
 libsystemd0 249.11-0ubuntu3.1
 libtalloc2 2.3.3-2build1
 libtasn1-6 4.18.0-4build1
 libtdb1 1.4.5-2build1
 libtevent0 0.11.0-1build1
 libtext-charwidth-perl 0.04-10build3
 libtext-iconv-perl 1.7-7build3
 libtext-wrapi18n-perl 0.06-9
 libtinfo6 6.3-2
 libtirpc-common 1.3.2-2build1
 libtirpc3 1.3.2-2build1
 libudev1 249.11-0ubuntu3.1
 libunistring2 1.0-1
 libuuid1 2.37.2-4ubuntu3
 libuv1 1.43.0-1
 libwbclient0 2:4.15.5~dfsg-0ubuntu5
 libxml2 2.9.13+dfsg-1ubuntu0.1
 libxxhash0 0.8.1-1
 libyaml-0-2 0.2.2-1build2
 libzstd1 1.4.8+dfsg-3build1
 lsb-base 11.1.0ubuntu4
 lsb-release 11.1.0ubuntu4
 media-types 7.0.0
 openssl 3.0.2-0ubuntu1.2
 passwd 1:4.8.1-2ubuntu2
 perl-base 5.34.0-3ubuntu1
 pinentry-curses 1.1.1-1build2
 python-apt-common 2.3.0ubuntu2
 python3 3.10.4-0ubuntu2
 python3-apt 2.3.0ubuntu2
 python3-gpg 1.16.0-1.2ubuntu4
 python3-ldb 2:2.4.2-0ubuntu1
 python3-minimal 3.10.4-0ubuntu2
 python3-pkg-resources 59.6.0-1.2
 python3-samba 2:4.15.5~dfsg-0ubuntu5
 python3-sss 2.6.3-1ubuntu3
 python3-talloc 2.3.3-2build1
 python3-tdb 1.4.5-2build1
 python3-yaml 5.4.1-1ubuntu1
 python3.10 3.10.4-3
 python3.10-minimal 3.10.4-3
 readline-common 8.1.2-1
 samba-dsdb-modules 2:4.15.5~dfsg-0ubuntu5
 samba-libs 2:4.15.5~dfsg-0ubuntu5
 sensible-utils 0.0.17
 shared-mime-info 2.1-2
 sssd 2.6.3-1ubuntu3
 sssd-ad 2.6.3-1ubuntu3
 sssd-ad-common 2.6.3-1ubuntu3
 sssd-common 2.6.3-1ubuntu3
 sssd-dbus 2.6.3-1ubuntu3
 sssd-ipa 2.6.3-1ubuntu3
 sssd-krb5 2.6.3-1ubuntu3
 sssd-krb5-common 2.6.3-1ubuntu3
 sssd-ldap 2.6.3-1ubuntu3
 sssd-proxy 2.6.3-1ubuntu3
 tar 1.34+dfsg-1build3
 ubuntu-advantage-desktop-daemon 1.9~22.04.1
 ubuntu-advantage-tools 27.8~22.04.1
 ubuntu-keyring 2021.03.26
 uuid-runtime 2.37.2-4ubuntu3
 wamerican 2020.12.07-2
 xdg-user-dirs 0.17-2ubuntu4
 zlib1g 1:1.2.11.dfsg-2ubuntu9
DistroRelease: Ubuntu 22.04
InstallationDate: Installed on 2022-06-07 (3 days ago)
InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220419)
NonfreeKernelModules: zfs zunicode zcommon znvpair zavl icp
Package: adsys 0.8.4
PackageArchitecture: amd64
ProcCpuinfoMinimal:
 processor  : 1
 vendor_id  : AuthenticAMD
 cpu family : 23
 model      : 8
 model name : AMD Ryzen 7 2700X Eight-Core Processor
 stepping   : 2
 microcode  : 0x800820d
 cpu MHz        : 3693.060
 cache size : 512 KB
 physical id    : 1
 siblings   : 1
 core id        : 0
 cpu cores  : 1
 apicid     : 1
 initial apicid : 1
 fpu        : yes
 fpu_exception  : yes
 cpuid level    : 13
 wp     : yes
 flags      : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm rep_good nopl cpuid extd_apicid tsc_known_freq pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm cmp_legacy svm cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw perfctr_core ssbd ibpb vmmcall fsgsbase tsc_adjust bmi1 avx2 smep bmi2 rdseed adx smap clflushopt sha_ni xsaveopt xsavec xgetbv1 xsaves clzero xsaveerptr virt_ssbd arat npt nrip_save tsc_scale vmcb_clean arch_capabilities
 bugs       : sysret_ss_attrs null_seg spectre_v1 spectre_v2 spec_store_bypass
 bogomips   : 7386.12
 TLB size   : 1024 4K pages
 clflush size   : 64
 cache_alignment    : 64
 address sizes  : 48 bits physical, 48 bits virtual
 power management:
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 5.15.0-37.39-generic 5.15.35
RelatedPackageVersions:
 sssd          2.6.3-1ubuntu3
 python3-samba 2:4.15.5~dfsg-0ubuntu5
SourcePackage: adsys
Tags:  jammy
Uname: Linux 5.15.0-37-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
_MarkForUpload: True
modified.conffile..etc.polkit-1.localauthority.conf.d.99-adsys-privilege-enforcement.conf: [deleted]
modified.conffile..etc.sudoers.d.99-adsys-privilege-enforcement: [deleted]

Installed versions

Additional context

User running adsysctl update -vvv:

INFO github.com/ubuntu/adsys/internal/config/config.go:62 Init() No configuration file: Config File "adsys" Not Found in "[/home/josh@example.com /etc]".
We will only use the defaults, env variables or flags. 
DEBUG Connecting as [[6631:012933]]                
DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:27 StreamServerInterceptor.func1() New request /service/UpdatePolicy 
DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:60 loggedServerStream.RecvMsg() Requesting with parameters: IsComputer: false, All: false, Target: josh@example.com, Krb5Cc: /tmp/krb5cc_720601104_AcWNB0 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:533 (*AD).NormalizeTargetName() NormalizeTargetName for "josh@example.com", type "user" 
DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:111 Authorizer.IsAllowedFromContext() Check if grpc request peer is authorized 
DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:191 Authorizer.isAllowed() Polkit call result, authorized: true 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:210 (*AD).GetPolicies() GetPolicies for "josh@example.com", type "user" 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:278 (*AD).GetPolicies() Getting gpo list with arguments: "--objectclass user ldap://example.example.com josh@example.com" 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:300 (*AD).GetPolicies() GPO "Default Domain Policy" for "josh@example.com" available at "smb://example.com/sysvol/example.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}" 
DEBUG github.com/ubuntu/adsys/internal/ad/download.go:113 (*AD).fetch.func2() Analyzing "assets" 
DEBUG github.com/ubuntu/adsys/internal/ad/download.go:113 (*AD).fetch.func2() Analyzing "Default Domain Policy" 
INFO github.com/ubuntu/adsys/internal/ad/download.go:124 (*AD).fetch.func2() No assets directory with GPT.INI file found on AD, skipping assets download 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:449 (*AD).parseGPOs.func1() Parsing GPO "Default Domain Policy" 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:459 (*AD).parseGPOs.func1() Policy "Default Domain Policy" doesn't have any policy for class "user" open /var/cache/adsys/sysvol/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/User/Registry.pol: no such file or directory 
DEBUG github.com/ubuntu/adsys/internal/policies/policies.go:48 New() Creating new policies 
INFO github.com/ubuntu/adsys/internal/policies/manager.go:155 (*Manager).ApplyPolicies() Apply policy for josh@example.com (machine: false) 
DEBUG github.com/ubuntu/adsys/internal/policies/manager.go:249 (*Manager).getSubscriptionState() Refresh subscription state 
DEBUG github.com/ubuntu/adsys/internal/policies/dconf/dconf.go:70 (*Manager).ApplyPolicy() Applying dconf policy to josh@example.com 
DEBUG github.com/ubuntu/adsys/internal/policies/dconf/dconf.go:219 writeProfile() Update user profile /etc/dconf/profile/josh@example.com 
DEBUG github.com/ubuntu/adsys/internal/policies/manager.go:257 (*Manager).getSubscriptionState.func1() Ubuntu advantage is enabled for GPO restrictions 
DEBUG github.com/ubuntu/adsys/internal/policies/scripts/scripts.go:92 (*Manager).ApplyPolicy() Applying scripts policy to josh@example.com 

Admin running sudo adsysctl update -a -vvv:

INFO github.com/ubuntu/adsys/internal/config/config.go:62 Init() No configuration file: Config File "adsys" Not Found in "[/home/jake /root /etc]".
We will only use the defaults, env variables or flags. 
DEBUG Connecting as [[6835:416247]]                
DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:27 StreamServerInterceptor.func1() New request /service/UpdatePolicy 
DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:60 loggedServerStream.RecvMsg() Requesting with parameters: IsComputer: false, All: true, Target: , Krb5Cc:  
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:533 (*AD).NormalizeTargetName() NormalizeTargetName for "", type "computer" 
DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:111 Authorizer.IsAllowedFromContext() Check if grpc request peer is authorized 
DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:150 Authorizer.isAllowed() Authorized as being administrator 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:210 (*AD).GetPolicies() GetPolicies for "adsys", type "computer" 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:278 (*AD).GetPolicies() Getting gpo list with arguments: "--objectclass computer ldap://example.example.com adsys" 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:300 (*AD).GetPolicies() GPO "Default Domain Policy" for "adsys" available at "smb://example.com/sysvol/example.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}" 
DEBUG github.com/ubuntu/adsys/internal/ad/download.go:113 (*AD).fetch.func2() Analyzing "assets" 
DEBUG github.com/ubuntu/adsys/internal/ad/download.go:113 (*AD).fetch.func2() Analyzing "Default Domain Policy" 
INFO github.com/ubuntu/adsys/internal/ad/download.go:124 (*AD).fetch.func2() No assets directory with GPT.INI file found on AD, skipping assets download 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:449 (*AD).parseGPOs.func1() Parsing GPO "Default Domain Policy" 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:459 (*AD).parseGPOs.func1() Policy "Default Domain Policy" doesn't have any policy for class "computer" open /var/cache/adsys/sysvol/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/Machine/Registry.pol: no such file or directory 
DEBUG github.com/ubuntu/adsys/internal/policies/policies.go:48 New() Creating new policies 
INFO github.com/ubuntu/adsys/internal/policies/manager.go:155 (*Manager).ApplyPolicies() Apply policy for adsys (machine: true) 
DEBUG github.com/ubuntu/adsys/internal/policies/manager.go:249 (*Manager).getSubscriptionState() Refresh subscription state 
DEBUG github.com/ubuntu/adsys/internal/policies/dconf/dconf.go:70 (*Manager).ApplyPolicy() Applying dconf policy to adsys 
DEBUG github.com/ubuntu/adsys/internal/policies/manager.go:257 (*Manager).getSubscriptionState.func1() Ubuntu advantage is enabled for GPO restrictions 
DEBUG github.com/ubuntu/adsys/internal/policies/scripts/scripts.go:92 (*Manager).ApplyPolicy() Applying scripts policy to adsys 
DEBUG github.com/ubuntu/adsys/internal/policies/privilege/privilege.go:78 (*Manager).ApplyPolicy() Applying privilege policy to adsys 
DEBUG github.com/ubuntu/adsys/internal/policies/gdm/gdm.go:61 (*Manager).ApplyPolicy() ApplyPolicy gdm policy 
DEBUG github.com/ubuntu/adsys/internal/policies/dconf/dconf.go:70 (*Manager).ApplyPolicy() Applying dconf policy to gdm 
DEBUG github.com/ubuntu/adsys/internal/policies/dconf/dconf.go:219 writeProfile() Update user profile /etc/dconf/profile/gdm 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:382 (*AD).ListActiveUsers() ListActiveUsers 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:210 (*AD).GetPolicies() GetPolicies for "josh@example.com", type "user" 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:278 (*AD).GetPolicies() Getting gpo list with arguments: "--objectclass user ldap://example.example.com josh@example.com" 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:300 (*AD).GetPolicies() GPO "Default Domain Policy" for "josh@example.com" available at "smb://example.com/sysvol/example.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}" 
DEBUG github.com/ubuntu/adsys/internal/ad/download.go:113 (*AD).fetch.func2() Analyzing "assets" 
DEBUG github.com/ubuntu/adsys/internal/ad/download.go:113 (*AD).fetch.func2() Analyzing "Default Domain Policy" 
INFO github.com/ubuntu/adsys/internal/ad/download.go:124 (*AD).fetch.func2() No assets directory with GPT.INI file found on AD, skipping assets download 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:449 (*AD).parseGPOs.func1() Parsing GPO "Default Domain Policy" 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:459 (*AD).parseGPOs.func1() Policy "Default Domain Policy" doesn't have any policy for class "user" open /var/cache/adsys/sysvol/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/User/Registry.pol: no such file or directory 
DEBUG github.com/ubuntu/adsys/internal/policies/policies.go:48 New() Creating new policies 
INFO github.com/ubuntu/adsys/internal/policies/manager.go:155 (*Manager).ApplyPolicies() Apply policy for josh@example.com (machine: false)
DEBUG github.com/ubuntu/adsys/internal/policies/manager.go:249 (*Manager).getSubscriptionState() Refresh subscription state 
DEBUG github.com/ubuntu/adsys/internal/policies/dconf/dconf.go:70 (*Manager).ApplyPolicy() Applying dconf policy to josh@example.com 
DEBUG github.com/ubuntu/adsys/internal/policies/dconf/dconf.go:219 writeProfile() Update user profile /etc/dconf/profile/josh@example.com 
DEBUG github.com/ubuntu/adsys/internal/policies/manager.go:257 (*Manager).getSubscriptionState.func1() Ubuntu advantage is enabled for GPO restrictions 
DEBUG github.com/ubuntu/adsys/internal/policies/scripts/scripts.go:92 (*Manager).ApplyPolicy() Applying scripts policy to josh@example.com 

sudo ls -lh /var/cache/adsys/sysvol/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/:

-rw------- 1 root root 27 Jun 10 18:13 GPT.INI
drwx------ 4 root root  6 Jun 10 18:13 MACHINE
drwx------ 2 root root  4 Jun 10 18:13 USER

Important errors:

DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:459 (*AD).parseGPOs.func1() Policy "Default Domain Policy" doesn't have any policy for class "computer" open /var/cache/adsys/sysvol/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/Machine/Registry.pol: no such file or directory 
[...]
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:459 (*AD).parseGPOs.func1() Policy "Default Domain Policy" doesn't have any policy for class "user" open /var/cache/adsys/sysvol/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/User/Registry.pol: no such file or directory 
didrocks commented 2 years ago

Hey @slapcat, thanks for reporting this bug and helping make adsys better.

Can you share a little bit more about your Active Directory configuration and version? We haven’t encountered a samba share for Active Directory with all capitals. Do you have anything in the local samba config or on the Active Directory SYSVOL resulting in this?

Before making it more flexible, it would be good for us to be able to reproduce this configuration, so that we can create non regression tests based on this. Thanks!

slapcat commented 2 years ago

Thanks for the quick reply! My Windows Server 2019 is very basic and I only set it up to test ADSys. I followed the white paper on best practices and only have DNS and AD DS running on the server.

Below I've added my system information, configuration of all GPOs, and some of my sysvol directory structure. I noticed that some policy folders have the correct title case subfolders (Machine/User) while others do not. Please let me know if you need any other info!

sysinfo.txt GPOs.pdf PowerShell_transcript.EXAMPLE.cgyMVdWD.20220615083150.txt

slapcat commented 2 years ago

I reproduced the same behavior on a fresh install of 20.04 (focal) using the same AD server.

I've also tried manually renaming the folders on the Windows side, purging adsys and reinstalling, then running an update. A different error appears:

root@adsys:/# adsysctl update -m -vvv
INFO github.com/ubuntu/adsys/internal/config/config.go:62 Init() No configuration file: Config File "adsys" Not Found in "[/ /root /etc]".
We will only use the defaults, env variables or flags. 
DEBUG Connecting as [[5090:416727]]                
DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:27 StreamServerInterceptor.func1() New request /service/UpdatePolicy 
DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:60 loggedServerStream.RecvMsg() Requesting with parameters: IsComputer: true, All: false, Target: adsys, Krb5Cc:  
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:533 (*AD).NormalizeTargetName() NormalizeTargetName for "adsys", type "computer" 
DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:111 Authorizer.IsAllowedFromContext() Check if grpc request peer is authorized 
DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:150 Authorizer.isAllowed() Authorized as being administrator 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:210 (*AD).GetPolicies() GetPolicies for "adsys", type "computer" 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:278 (*AD).GetPolicies() Getting gpo list with arguments: "--objectclass computer ldap://example.example.com adsys" 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:300 (*AD).GetPolicies() GPO "Default Domain Policy" for "adsys" available at "smb://example.com/sysvol/example.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}" 
DEBUG github.com/ubuntu/adsys/internal/ad/download.go:113 (*AD).fetch.func2() Analyzing "assets" 
DEBUG github.com/ubuntu/adsys/internal/ad/download.go:113 (*AD).fetch.func2() Analyzing "Default Domain Policy" 
INFO github.com/ubuntu/adsys/internal/ad/download.go:124 (*AD).fetch.func2() No assets directory with GPT.INI file found on AD, skipping assets download 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:449 (*AD).parseGPOs.func1() Parsing GPO "Default Domain Policy" 
ERRORgithub.com/ubuntu/adsys/cmd/adsysd/main.go:50 main.run() Error from server: error while updating policy: can't get policies for "adsys": one or more error while parsing downloaded elements: /var/cache/adsys/sysvol/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/Machine/Registry.pol :can't parse policy: 3 type is not supported for key EFSBlob 
didrocks commented 2 years ago

Ok, let’s separate issues, shall we? This one will be on the case and we’ll fix it once we get time to work back on this project (we have several deployments and strangely never had that).

I’m puzzled on the second issue and I think you should attach the .pol file to a new bug report so that we can analyze it (the type 3 is indeed not supported, but it shouldn’t be part of the keys we analyze as we don’t ship any in our namespace. So how is the EFSBlob key now part of it?)

didrocks commented 2 years ago

A question on the path content itself (on this bug): can you list the whole content (recursively) of \\Example\sysvol\example.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}? I want to check in particular if Registry.pol is all capital letters or not.

slapcat commented 2 years ago

Sounds good. I think the second issue was just because I was monkeying around with the Windows directory structure, so I'm less concerned about that than the first/primary issue. I've attached a recursive list of the directory as well as the .pol files if they are of any use.

recursive_dir_contents.txt pol_files.tar.gz

didrocks commented 2 years ago

I don’t see any MACHINE capitalized in fileSystem::\\Example\sysvol\example.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}> ls -r. Are you sure you listed the right directories?

slapcat commented 2 years ago

Ah, you're right. Sorry, that was grabbed after I made the manual renames. Here is a similar output from 2 days prior showing multiple GPOs with uppercase folder names:

PS Microsoft.PowerShell.Core\FileSystem::\\Example\sysvol\example.com\Policies> ls

    Directory: \\Example\sysvol\example.com\Policies

Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----        6/10/2022   4:42 PM                PolicyDefinitions
d-----        6/10/2022   4:43 PM                {08F1535F-46D8-4E5C-A869-9A706EF90BF7}
d-----         6/6/2022   4:56 PM                {31B2F340-016D-11D2-945F-00C04FB984F9}
d-----         6/6/2022   4:56 PM                {6AC1786C-016F-11D2-945F-00C04fB984F9}
d-----        6/10/2022   3:51 PM                {DED62756-47DB-4B28-862A-613E3996446E}
d-----        6/10/2022   4:40 PM                {E6AA66F7-6D3B-4E00-BACD-6C0BAED39BCD}

PS Microsoft.PowerShell.Core\FileSystem::\\Example\sysvol\example.com\Policies> ls .\PolicyDefinitions\

    Directory: \\Example\sysvol\example.com\Policies\PolicyDefinitions

Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----        6/10/2022   4:42 PM                en-US
-a----        6/10/2022   4:22 PM         158682 ALL.admx

PS Microsoft.PowerShell.Core\FileSystem::\\Example\sysvol\example.com\Policies> ls "{08F1535F-46D8-4E5C-A869-9A706EF90BF7}"

    Directory: \\Example\sysvol\example.com\Policies\{08F1535F-46D8-4E5C-A869-9A706EF90BF7}

Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----        6/10/2022   4:45 PM                Machine
d-----        6/10/2022   4:45 PM                User
-a----        6/10/2022   4:43 PM              0 GPO.cmt
-a----        6/10/2022   4:45 PM             64 GPT.INI

PS Microsoft.PowerShell.Core\FileSystem::\\Example\sysvol\example.com\Policies> ls "{31B2F340-016D-11D2-945F-00C04FB984F9}"

    Directory: \\Example\sysvol\example.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}

Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----        6/10/2022   4:26 PM                MACHINE
d-----        6/10/2022   4:26 PM                USER
-a----        6/10/2022   4:26 PM             27 GPT.INI

PS Microsoft.PowerShell.Core\FileSystem::\\Example\sysvol\example.com\Policies> ls "{6AC1786C-016F-11D2-945F-00C04fB984F9}"

    Directory: \\Example\sysvol\example.com\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}

Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----         6/6/2022   4:56 PM                MACHINE
d-----         6/6/2022   4:56 PM                USER
-a----         6/6/2022   4:56 PM             22 GPT.INI

PS Microsoft.PowerShell.Core\FileSystem::\\Example\sysvol\example.com\Policies> ls "{DED62756-47DB-4B28-862A-613E3996446E}"

    Directory: \\Example\sysvol\example.com\Policies\{DED62756-47DB-4B28-862A-613E3996446E}

Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----        6/10/2022   3:52 PM                Machine
d-----        6/10/2022   3:51 PM                User
-a----        6/10/2022   3:52 PM             63 GPT.INI

PS Microsoft.PowerShell.Core\FileSystem::\\Example\sysvol\example.com\Policies> ls "{E6AA66F7-6D3B-4E00-BACD-6C0BAED39BCD}"

    Directory: \\Example\sysvol\example.com\Policies\{E6AA66F7-6D3B-4E00-BACD-6C0BAED39BCD}

Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----        6/10/2022   4:40 PM                Machine
d-----        6/10/2022   4:40 PM                User
-a----        6/10/2022   4:40 PM             59 GPT.INI
didrocks commented 2 years ago

Excellent! This is what we needed :) So, GPT.INI is always capital, only Machine vs MACHINE and User vs USER.

I wonder if we do something completely case independent or just support those 2 cases (avoid listing every directory for lowercase string match). This will be easy to fix anyway.
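A sketch of the lookup being weighed above (exact name first, then a case-insensitive fallback), as an added example in Go that is not adsys's own code. It assumes a case-sensitive filesystem like the Linux /var/cache/adsys cache, a constructed directory layout written by buildFixture that mirrors the listings in this thread, and an invented placeholder GUID {PLACEHOLDER-AMBIGUOUS-GPO}; the names resolveChild, registryPolPath, ErrNotFound and ErrAmbiguous are also assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Sentinel errors so a caller can tell "no policy for this class" (log and
// skip, as adsys does above) from "the cache is inconsistent" (refuse to apply).
var (
	ErrNotFound  = errors.New("no matching entry")
	ErrAmbiguous = errors.New("several entries match case-insensitively")
)

// resolveChild returns the on-disk path of the entry named want inside dir.
// An exact match wins; otherwise exactly one case-insensitive match is accepted.
// Two or more loose candidates (e.g. MACHINE and machine left behind by a rename
// on the AD side between two syncs) are rejected rather than picked silently,
// because the wrong pick would apply stale policy.
func resolveChild(dir, want string) (string, error) {
	entries, err := os.ReadDir(dir) // sorted by name, deterministic
	if err != nil {
		return "", err
	}
	var candidates []string
	for _, e := range entries {
		if e.Name() == want {
			return filepath.Join(dir, want), nil
		}
		if strings.EqualFold(e.Name(), want) {
			candidates = append(candidates, e.Name())
		}
	}
	switch len(candidates) {
	case 0:
		return "", fmt.Errorf("%s/%s: %w", dir, want, ErrNotFound)
	case 1:
		return filepath.Join(dir, candidates[0]), nil
	default:
		return "", fmt.Errorf("%s/%s (%v): %w", dir, want, candidates, ErrAmbiguous)
	}
}

// registryPolPath resolves <gpoDir>/<Machine|User>/Registry.pol for a policy
// class ("computer" or "user"), tolerating MACHINE/USER and registry.pol.
func registryPolPath(gpoDir, class string) (string, error) {
	sub := map[string]string{"computer": "Machine", "user": "User"}[class]
	if sub == "" {
		return "", fmt.Errorf("unknown policy class %q", class)
	}
	classDir, err := resolveChild(gpoDir, sub)
	if err != nil {
		return "", err
	}
	return resolveChild(classDir, "Registry.pol")
}

// buildFixture writes a constructed cache layout under root: the Default Domain
// Policy GUID with MACHINE/USER and a lowercase registry.pol, a newer GPO with
// Machine/User and Registry.pol, and a placeholder GUID (invented) that holds
// two non-exact spellings to exercise the ambiguous case.
func buildFixture(root string) error {
	const ddp = "{31B2F340-016D-11D2-945F-00C04FB984F9}"
	const newGPO = "{08F1535F-46D8-4E5C-A869-9A706EF90BF7}"
	const ambiguous = "{PLACEHOLDER-AMBIGUOUS-GPO}"
	for _, d := range []string{
		filepath.Join(ddp, "MACHINE"), filepath.Join(ddp, "USER"),
		filepath.Join(newGPO, "Machine"), filepath.Join(newGPO, "User"),
		filepath.Join(ambiguous, "MACHINE"), filepath.Join(ambiguous, "machine"),
	} {
		if err := os.MkdirAll(filepath.Join(root, d), 0o700); err != nil {
			return err
		}
	}
	// "PReg" is the Registry.pol magic header; the rest of the file is stubbed out.
	files := map[string]string{
		filepath.Join(ddp, "GPT.INI"):                       "[General]\r\nVersion=1\r\n",
		filepath.Join(ddp, "MACHINE", "registry.pol"):       "PReg",
		filepath.Join(newGPO, "GPT.INI"):                    "[General]\r\nVersion=2\r\n",
		filepath.Join(newGPO, "Machine", "Registry.pol"):    "PReg",
		filepath.Join(newGPO, "User", "Registry.pol"):       "PReg",
	}
	for f, content := range files {
		if err := os.WriteFile(filepath.Join(root, f), []byte(content), 0o600); err != nil {
			return err
		}
	}
	return nil
}

func main() {
	root, err := os.MkdirTemp("", "adsys-sysvol-")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	if err := buildFixture(root); err != nil {
		panic(err)
	}
	gpos, _ := os.ReadDir(root)
	for _, g := range gpos {
		for _, class := range []string{"computer", "user"} {
			p, err := registryPolPath(filepath.Join(root, g.Name()), class)
			fmt.Printf("%-40s %-8s -> path=%q err=%v\n", g.Name(), class, p, err)
		}
	}
}
```

The fallback accepts exactly one loose match and refuses two or more, which turns a silent choice between stale and current policy into a visible error; a missing Registry.pol keeps surfacing as ErrNotFound, so a caller can log and skip that class the way the adsys output in this thread does.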

slapcat commented 2 years ago

Glad to hear it!

Adding one more detail: I reinstalled the Windows server and noticed that the Default Domain Policy and Default Domain Controllers Policy directories both had UPPERCASE folder names, but as soon as I created a new GPO from scratch, it used TitleCase names. Hope this helps.

falencastro commented 2 months ago

This issue still happens, only now it's restricted to the pol file. Some policies are sent from AD as (User|Machine)/Registry.pol, which is what adsys expects, while other policies are sent as (User|Machine)/registry.pol, which are not read by adsys. A symbolic link to the expected filename is a workaround.

didrocks commented 1 month ago

@falencastro do you mind opening another bug report for that one, as it’s a different issue? It’s true that adsys expects Registry.pol, as samba and other services do, so we may have multiple code impacts.