SSSD / sssd

Clone

8527ed1 GPO: Support group policy file main folders with upper case name

1 file Authored by thor 4 years ago, Committed by pbrezina 4 years ago,
raw patch tree parent
1 file changed. 37 lines added. 4 lines removed.
src/providers/ad/ad_gpo_child.c
file modified
+37 -4 
    GPO: Support group policy file main folders with upper case name
    
    There are AD domain controller implementations that use upper case names
    for the main folder on SYSVOL under which group policy files and templates
    are stored. E. g. 'MACHINE' instead of 'Machine'.
    
    gpo_child uses library libsmbclient to copy group policy files from the AD
    domain controller into a local GPO cache directory. libsmbclient does not
    allow to request the domain controller to perform case insensitive SMB URI
    lookups, if SYSVOL is located on a case sensitive file system. If a group
    policy template is stored under main folder 'MACHINE' gpo_child cannot
    retrieve the policy data and exits with error code 2 (No such file or
    directory). GPO based access control fails with error 22 (Invalid argument)
    and users may not be able to login.
    
    GP_EXT_GUID_SECURITY_SUFFIX constant defines a case sensitive main folder
    name (/Machine/Microsoft/Windows NT/SecEdit/GptTmpl.inf) for the policy
    template to retrieve. If the group policy file cannot be retrieved, gpo_child
    will now also try to retrieve the file using an upper case main folder name,
    i.e. /MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf.
    
    Resolves:
    https://pagure.io/SSSD/sssd/issue/3324
    
    Signed-off-by: REIM THOMAS <reimth@gmail.com>
    Signed-off-by: Thomas Reim <reimth@gmail.com>
    
    Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
    Reviewed-by: Sumit Bose <sbose@redhat.com>
file modified
+37 -4
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.