[Samba] Time synchronization and Password Policies
- Date: Tue, 21 Nov 2017 09:10:32 +0530
- From: Anantha Raghava via samba <samba@xxxxxxxxxxxxxxx>
- Subject: [Samba] Time synchronization and Password Policies
We are running Samba-AD and all things are working absolutely fine.
However, two very specific issues observed one related to Windows
Clients (Members) automatically synchronizing the time with PDC emulator
and second password policies are not getting enforced.
Normally, in totally Windows environment, when adding a windows PC (Or
server) to a domain as a member it automatically synchronizes its time
with PDC emulator. However in case of Samba-AD, we have to manually
synchronize the time with PDC emulator before making the Windows PC (Or
server) a member of domain. If the time difference between the Samba-AD
and Windows Client is more than 300 Seconds, the client, instead of
synchronizing the time with Samba-AD's PDC emulator, it throws the error
and stops. This behavior is observed with Windows XP, Windows 7, Windows
8 / 8.1, Windows 10 and all Windows Server editions.
Any specific setting we have to enable on the Samba-AD to automatically
synchronize the time while adding domain members?
Password policies are not getting enforced on the clients. Initially we
thought that we have to set those policies using "samba-tool user
passwordsettings" and not on Windows GPO. As this was not enforcing the
password policies, we set the GPO with the same settings. Yet the same
result. Password Policies are not getting applied.
We have three domain controllers in out environment.
Any guidance to set these right?
Thanks & Regards,
Do not print this e-mail unless required. Save Paper & trees.
To unsubscribe from this list go to the following URL and read the