[Samba] Time synchronization and Password Policies


We are running Samba-AD and all things are working absolutely fine.

However, two very specific issues were observed: one related to Windows clients (members) automatically synchronizing the time with the PDC emulator, and the second is that password policies are not getting enforced.

Time Synchronization:

Normally, in a totally Windows environment, when adding a Windows PC (or server) to a domain as a member, it automatically synchronizes its time with the PDC emulator. However, in the case of Samba-AD, we have to manually synchronize the time with the PDC emulator before making the Windows PC (or server) a member of the domain. If the time difference between the Samba-AD and the Windows client is more than 300 seconds, the client, instead of synchronizing the time with Samba-AD's PDC emulator, throws the error and stops. This behavior is observed with Windows XP, Windows 7, Windows 8 / 8.1, Windows 10 and all Windows Server editions.

Any specific setting we have to enable on the Samba-AD to automatically synchronize the time while adding domain members?

Password Policies

Password policies are not getting enforced on the clients. Initially we thought that we have to set those policies using "samba-tool user passwordsettings" and not on Windows GPO. As this was not enforcing the password policies, we set the GPO with the same settings. Yet the same result. Password Policies are not getting applied.

We have three domain controllers in our environment.

Any guidance to set these right?


