[PATCHES v1] GPO fixes
Andrew Bartlett
abartlet at samba.org
Mon Jan 8 17:58:22 UTC 2018
On Mon, 2018-01-08 at 10:05 -0700, David Mulder wrote:
> Hoping to get these into 4.8;
> Basically these are all the fixes/improvements from the machine policy
> patches, minus the machine policy.
> Includes:
> * Fixes a crash in gpo unapply
> * Don't stop parsing gpos if one fails
> * Cache gpo versions and read from the cache, instead of reading
> directly from the sysvol
> * Call the gpupdate command from winbind, using the interval specified
> by MS spec (random interval between 90 and 120 minutes).
> * Enable gpupdate by default (this now only has the effect of enabling
> the system access policies for the kdc).
> * NEW: Provide a method for disabling gpo extensions. An extension will
> now check if a <my filename>.disabled file is present, and the extension
> is ignored if present. This required moving the system access policies
> to their own file, which is now required for every extension.
>
> This patch set *does not* contain any new gpo extensions, just
> improvements to the overall gpo code (and making it easily extensible
> for adding new extensions).
Thanks. We also need to disable this during our selftest, and
explicitly test it in an environment that is not running tests for
things like minimum password age. (The idea of this running, randomly,
during one of those tests scares me).
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list