[Samba4] Group policies in AD
Matthieu Patou
mat+Informatique.Samba at matws.net
Mon Sep 21 05:00:25 MDT 2009
On 09/21/2009 02:04 PM, Matthias Dieter Wallnöfer wrote:
> Hi Andrews,
>
> we all know that we made big progress to support GPOs on the (Windows)
> client side. I added now also the second default group policy for the
> domain controllers. For now it will not be very import since s4 itself
> doesn't inherit policies yet (hope that we make some progress here in
> future - that someone is willing to take this) but so we have it for
> future use.
>
I saw tridge todo on this point.
I would like that this point can be developed a bit more, I am thinking
about the server side of policy since a long time now and was thinking
about a inotify script that would watch the policies directory for
policy creation and modification. On change this script would parse the
policy files for changes needed to be done at server side (the easiest
one that comes to my mind is the validity period for password).
Is it this way that is envisioned or is it something completely different ?
> Now some restant issues:
> - We have to be more careful regarding the permissions on the
> directories and files of them; consider bug #5483:
> https://bugzilla.samba.org/show_bug.cgi?id=5483
> - Our default group policies are empty and the one which are shipped
> with Windows Server are not. They contain templates and files with
> default settings. So my question here: do we need to open a new file
> copy permission request (like schema and display specifier files)? I
> personally think so. It would be nice if MS could ship them as an
> archive so we could decompress the whole content on provision time.
The files are available for download from Internet:
http://www.microsoft.com/downloads/details.aspx?familyid=92759d4b-7112-4b6c-ad4a-bbf3802a5c9b&displaylang=en
So if we can't get them at least we can clearly propose to users to
download the adm package.
Matthieu.
More information about the samba-technical
mailing list