Comment 1 for bug 1934997

Thank you for your report and sorry for the issue caused by this SRU.

In focal GPO are enforced by default. But the original version of SSSD was not fully implementing the MS spec and GPO where actually not enforced. This was the case for the default domain policy which defines in particular the security and password policy which where not followed.

This is what this SRU addressed by backporting most the GPO fixes from recent version of SSSD and created this unfortunate side effect.

This problem will occur when users will upgrade from 20.04 to 22.04 anyway.

Adding 'ad_gpo_access_control = permissive' to sssd.conf is one way to fix it. Another way is to make sure the default domain policy is properly defined and that the client can access it.

However we will have a look at a Samba4 setup to try to understand if there is a general problem with this setup and how it can be addressed before 22.04 is released.