[Samba] Domain password policy with Samba AD DC
David Mulder
dmulder at samba.org
Wed Sep 6 12:01:13 UTC 2023
On 8/30/23 8:21 AM, Rowland Penny via samba wrote:
> After reading the code for gpclass.py, it looks like the python code
> looks for 'version' in a cache file, this cache file is empty,
> probably because the domain controllers GPO is an empty GPO when
> first created. This does lead to a question, AD GPOs are stored on
> disk in sysvol and also in AD, so why does Samba require yet another
> copy in a cache ?
You're assuming the policies are running on an ADDC. The group policy
code assumes it's running on a client, and pulls a copy of the SYSVOL to
a cache. Of course we could read directly from the SYSVOL when on the
ADDC, but that's an optimization that hasn't happened.
--
David Mulder
Labs Software Engineer, Samba
SUSE
1221 S Valley Grove Way, Suite 500
Pleasant Grove, UT 84062
(P)+1 385.208.2989
dmulder at suse.com
http://www.suse.com
More information about the samba
mailing list