[PATCHES v1] GPO fixes

Andrew Bartlett abartlet at samba.org
Mon Jan 8 17:58:22 UTC 2018

On Mon, 2018-01-08 at 10:05 -0700, David Mulder wrote:
> Hoping to get these into 4.8;
> Basically these are all the fixes/improvements from the machine policy
> patches, minus the machine policy.
> Includes:
> * Fixes a crash in gpo unapply
> * Don't stop parsing gpos if one fails
> * Cache gpo versions and read from the cache, instead of reading
> directly from the sysvol
> * Call the gpupdate command from winbind, using the interval specified
> by MS spec (random interval between 90 and 120 minutes).
> * Enable gpupdate by default (this now only has the effect of enabling
> the system access policies for the kdc).
> * NEW: Provide a method for disabling gpo extensions. An extension will
> now check if a <my filename>.disabled file is present, and the extension
> is ignored if present. This required moving the system access policies
> to their own file, which is now required for every extension.
> This patch set *does not* contain any new gpo extensions, just
> improvements to the overall gpo code (and making it easily extensible
> for adding new extensions).

Thanks.  We also need to disable this during our selftest, and
explicitly test it in an environment that is not running tests for
things like minimum password age.  (The idea of this running, randomly,
during one of those tests scares me). 

Andrew Bartlett
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list