[PATCHES] GPO support for client machine policy
David Mulder
dmulder at suse.com
Wed Dec 6 18:10:56 UTC 2017
Right. Then maybe Garming is right, we probably don't need the KDC
service, just the one attached to winbind.
On 12/06/2017 11:02 AM, Andrew Bartlett wrote:
> On Wed, 2017-12-06 at 06:39 -0700, David Mulder wrote:
>> Yes, they would run simultaneously, but they apply different things.
>> They also run on different intervals.
>> If you look at samba_gpoupdate where it sets gp_extensions, you'll see
>> it sets the extensions to apply based on the type of apply (KDC, client
>> machine, or user which isn't available yet).
>> I had considered removing the KDC service, but I think it is fine as is.
>> The way it is now, if they choose not to configure winbind, kdc policy
>> is still applied.
> To be clear, winbindd is a mandatory part of the AD DC.
>
> Andrew Bartlett
--
David Mulder
SUSE Labs Software Engineer - Samba
dmulder at suse.com
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
More information about the samba-technical
mailing list