[PATCHES] GPO support for the AD DC itself
garming at catalyst.net.nz
Wed Jun 21 23:49:58 UTC 2017
I'm also seeing segfaults during make test due to create_local_nt_token
inside samba_gpoupdate when it is run. It appears that it tries to open
my local database (to little avail and may be the cause of the
segfault), not the one intended for the test environment.
In my case, I was running 'make testenv', and watching the output.
On 21/06/17 14:15, Garming Sam wrote:
> Compiling the patches, I noticed that you haven't rebased on master
> recently (at least from what you've given). There are some interface
> changes which mean that there is a TALLOC_CTX * being supplied into some
> There is also a compiler warning in torture/gpo/apply.c:
> execv(cmd, (char * const *)&(cmd))
> Instead of casting, I think you should use a discard_const_p.
> On 21/06/17 01:12, David Mulder wrote:
>>> In the patch 'libgpo: Add libgpo python bindings' you remove a return
>>> case in finalize_local_nt_token. Can you explain why? Where were you
>>> using it and why is this necessary?
>> Oh, yes. I believe that happens inside the gp_get_machine_token() call
>> in py_ads_get_gpo_list(). This call always fails for a computer object
>> that's a DC. I'm not certain why, but I can look into that more.
>>> On the whole, it looks much improved. But there needs to be some more
>>> comments (either in the code or the commit message) on what you're
>>> actually doing. For instance, I notice that you've introduced GPO
>>> unapply and it uses an xml log file. How is this file actually formatted
>>> and used? Similarly, in applying krb5 settings, which settings does it
>>> alter and how does it alter them? There needs to be some more high level
>>> documentation, both for other developers and for users.
>>> docs-xml/smbdotconf/domain/gpoupdatecommand.xml probably needs an
>>> extensive list of what is and is not being applied for example because
>>> it's not obvious at a glance.
>> I'll add some better documentation in gpoupdatecommand.xml.
>> I suppose the best place to document the new xml unapply log would be in
>> I'll add more comments in general to make all of it more clear.
More information about the samba-technical