[Samba] Domain password policy with Samba AD DC

David Mulder dmulder at samba.org
Wed Sep 6 12:01:13 UTC 2023

On 8/30/23 8:21 AM, Rowland Penny via samba wrote:
> After reading the code for gpclass.py, it looks like the python code
> looks for 'version' in a cache file, this cache file is empty,
> probably because the domain controllers GPO is an empty GPO when
> first created. This does lead to a question, AD GPOs are stored on
> disk in sysvol and also in AD, so why does Samba require yet another
> copy in a cache ?
You're assuming the policies are running on an ADDC. The group policy 
code assumes it's running on a client, and pulls a copy of the SYSVOL to 
a cache. Of course we could read directly from the SYSVOL when on the 
ADDC, but that's an optimization that hasn't happened.

David Mulder
Labs Software Engineer, Samba
1221 S Valley Grove Way, Suite 500
Pleasant Grove, UT 84062
(P)+1 385.208.2989
dmulder at suse.com

More information about the samba mailing list