[Samba] Domain password policy with Samba AD DC
David Mulder
dmulder at samba.org
Wed Sep 6 12:08:46 UTC 2023
On 8/30/23 11:17 AM, Rowland Penny via samba wrote:
> If I try to alter the default Domain Controllers policy via GPME,
> whilst GPME shows and retains the changes, nothing changes in AD.
> There are changes in sysvol, but these changes seem to require that
> sysvolreset is run. If I then run samba-gpupdate, I get this:
>
> Traceback (most recent call last):
> File "/usr/sbin/samba-gpupdate", line 133, in <module>
> apply_gp(lp, creds, store, gp_extensions, username,
> File "/usr/lib/python3/dist-packages/samba/gp/gpclass.py", line 481, in apply_gp
> version = gpo_version(lp, path)
> File "/usr/lib/python3/dist-packages/samba/gp/gpclass.py", line 431, in gpo_version
> return int(gpo.gpo_get_sysvol_gpt_version(gpt_path)[1])
> samba.NTSTATUSError: (3221225700, 'This error indicates that the requested operation cannot be completed due to a catastrophic media failure or an on-disk data structure corruption.')
>
> I traced this (or so I believe) to the python program trying to read
> from an empty cache.
This is actually calling into C code in libgpo/gpo_fetch.c
gpo_get_sysvol_gpt_version() (this code is pretty ancient) via
libgpo/pygpo.c py_gpo_get_sysvol_gpt_version(). I'm guessing it was
written assuming that the GPO is already initialized.
--
David Mulder
Labs Software Engineer, Samba
SUSE
1221 S Valley Grove Way, Suite 500
Pleasant Grove, UT 84062
(P)+1 385.208.2989
dmulder at suse.com
http://www.suse.com
More information about the samba
mailing list