[PATCHES] Make gpo extensible

David Mulder dmulder at suse.com
Mon Jan 22 21:40:41 UTC 2018

Reading straight from the sysvol is fine on a kdc, but doesn't work on a
client machine. That's the point of the patch. It's required for these
follow up patches, but wasn't really necessary in 4.8 anyhow.

On 01/22/2018 02:18 PM, Garming Sam wrote:
> Hi,
> I'd meant to ask you a question about the patch, but I couldn't manage
> to do that before the 4.8 cut-off. I didn't quite understand what the
> intent of the patch was. 
> apply_gp reads the version from the sysvol path, and then writes it to a
> file in the cache directory. But the gpo_version function always read it
> from sysvol anyways (and so this cache file is never really used)? Also,
> is the benefit of reading from a cache dir only to avoid the recurring
> SMB connection, or is there actually another reason?
I think you've misunderstood what the code is doing. gpo_version() reads
the GPT.INI files via smb (connected to the sysvol), and caches them on
the local system. It then reads the gpo versions from the cache. This is
redundant on a kdc, but not on a client. This is actually a precursor to
caching all relevant GPO files, which will enable offline group policy
apply (enforcing policy even when off the domain).
> Cheers,
> Garming
> On 20/01/18 06:03, David Mulder wrote:
>> Another patch (read gpo versions from cache) is included, which for some
>> reason didn't make it into 4.8 (I'm not sure why this one patch got
>> missed from the series I submitted).

David Mulder
SUSE Labs Software Engineer - Samba
dmulder at suse.com
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)

More information about the samba-technical mailing list