Device policies don't apply |
|||||||
Issue descriptionAfter logging in and reloading policies I still don't see the device policies set for my device. They don't show up in chrome://policy and they don't get applied. They show up however in the logs: authpolicy_parser: bool DeviceLoginScreenDefaultHighContrastEnabled=true
,
Jan 12 2017
From what I can see, the policies don't even make it to session manager, thus over to Lutz. (policy_blob size is 0.) Should we log a info or a warning message for cases like this?
2017-01-12T20:15:50.671439+01:00 INFO authpolicyd[1385]: Executing /usr/bin/smbclient '//winmain.chrome.lan/SysVol' '-s' '/tmp/authpolicyd/smb.conf' '-c' 'prompt OFF;cd \chrome.lan\Policies\{2EB440D8-2CA7-4490-B02B-0472DDABEACC}\Machine;lcd /tmp/authpolicyd/samba/cache/gpo_cache/chrome.lan/Policies/{2EB440D8-2CA7-4490-B02B-0472DDABEACC}/Machine;mget Registry.pol;' '-k'
2017-01-12T20:15:50.975600+01:00 INFO authpolicyd[1385]: Stdout:
2017-01-12T20:15:50.975627+01:00 INFO authpolicyd[1385]: Stderr: getting file \chrome.lan\Policies\{2EB440D8-2CA7-4490-B02B-0472DDABEACC}\Machine\Registry.pol of size 356 as Registry.pol (347.6 KiloBytes/sec) (average 347.7 KiloBytes/sec)#012
2017-01-12T20:15:50.975639+01:00 INFO authpolicyd[1385]: Exit code: 0
2017-01-12T20:15:50.975973+01:00 INFO authpolicyd[1385]: Executing /usr/sbin/authpolicy_parser 'parse_device_preg'
2017-01-12T20:15:50.987844+01:00 INFO authpolicy_parser[4546]: bool DeviceLoginScreenDefaultHighContrastEnabled = true
2017-01-12T20:15:50.987876+01:00 INFO authpolicy_parser[4546]: str DeviceLoginScreenDomainAutoComplete = POLICY-POLICY
2017-01-12T20:15:50.987906+01:00 ERR authpolicy_parser[4546]: policy_blob.size(): 0
2017-01-12T20:15:50.988235+01:00 INFO authpolicyd[1385]: Stdout:
2017-01-12T20:15:50.988249+01:00 INFO authpolicyd[1385]: Stderr:
2017-01-12T20:15:50.988255+01:00 INFO authpolicyd[1385]: Exit code: 0
2017-01-12T20:15:50.988289+01:00 INFO authpolicyd[1385]: Device policy fetch and parsing succeeded
2017-01-12T20:15:50.988308+01:00 INFO authpolicyd[1385]: Calling Session Manager D-Bus method StoreUnsignedPolicy
2017-01-12T20:15:51.037944+01:00 INFO authpolicyd[1385]: Call to StoreUnsignedPolicy succeeded.
,
Jan 12 2017
Thiemo, I'm pretty sure device policy is written to the protobuf. Your computer is probably still in the generic Computers container on the server. Move it to test-ou and try again. Alternatively, set policy on the default device policy GPO.
,
Jan 12 2017
Doesn't this indicate that indeed GPO is received? 2017-01-12T20:15:50.987844+01:00 INFO authpolicy_parser[4546]: bool DeviceLoginScreenDefaultHighContrastEnabled = true 2017-01-12T20:15:50.987876+01:00 INFO authpolicy_parser[4546]: str DeviceLoginScreenDomainAutoComplete = POLICY-POLICY
,
Jan 12 2017
Hmm, yes, I missed those lines. I'll look into it.
,
Jan 13 2017
,
Jan 13 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/f0d1bcd86a8ee71bf0f822c57c91c8fd67c5bfe4 commit f0d1bcd86a8ee71bf0f822c57c91c8fd67c5bfe4 Author: Lutz Justen <ljusten@chromium.org> Date: Fri Jan 13 11:02:59 2017 authpolicy: Fix device policy not applying C# warns about these things. Just saying. BUG= chromium:680504 TEST=Tested on a device, works fine now. Change-Id: Ibb58f1c78303219dd98106cd7cc0f1f513c979df Reviewed-on: https://chromium-review.googlesource.com/427761 Commit-Ready: Lutz Justen <ljusten@chromium.org> Tested-by: Lutz Justen <ljusten@chromium.org> Reviewed-by: Thiemo Nagel <tnagel@chromium.org> [modify] https://crrev.com/f0d1bcd86a8ee71bf0f822c57c91c8fd67c5bfe4/authpolicy/authpolicy_parser_main.cc
,
Jan 13 2017
,
Jul 6 2017
bulk Verify of older or not-user-facing Chromad bugs |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by tnagel@chromium.org
, Jan 12 2017Components: Enterprise
Labels: -Pri-2 Enterprise-Triaged M-57 OS-Chrome Pri-1
Owner: tnagel@chromium.org
Status: Assigned (was: Untriaged)