Re: [Samba] Time synchronization and Password Policies
- Date: Tue, 21 Nov 2017 16:35:06 +0100
- From: Marco Gaiarin via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Time synchronization and Password Policies
Hello! L.P.H. van Belle via samba
On that day it was said...
> Yes, but only the GPO policies and these are not applied to the samba server.
No. I've looked back at the list archive, and I've not found the email, but
I'm sure that someone here (Andrew?) replied to me that password policies
are replicated between DCs.
Also, it seems strange to me that those settings get written into the LDAP AD
data and not used by every DC:
root@vdcpp1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "dc=ad,dc=fvg,dc=lnf,dc=it" -s base | grep -i pwd
Also, I've not set that value on my second DC, but:
root@vdcpp1:~# samba-tool domain passwordsettings show
Password informations for domain 'DC=ad,DC=fvg,DC=lnf,DC=it'
Password complexity: on
Store plaintext passwords: off
Password history length: 5
Minimum password length: 8
Minimum password age (days): 0
Maximum password age (days): 90
Account lockout duration (mins): 30
Account lockout threshold (attempts): 5
Reset account lockout after (mins): 5
and these are exactly the settings on my first DC, correctly propagated
on the second.
So, trying to summarize:
a) 'samba-tool domain passwordsettings' sets the password policy for the
''samba'' part, for every DC in the domain
b) these password policies are not enforced on the Windows client, and
have to be ''replicated'' in a GPO.
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
(tax code 00307430132, category ONLUS or HEALTH RESEARCH)
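Added example, not part of the original message: a way to check the replication described above by parsing the `samba-tool domain passwordsettings show` output captured on each DC and reporting any setting that differs. The first sample is the output quoted in the message; the second DC's name (`dc2`) and its drifted value are constructed for illustration.

```python
import re

# Output of `samba-tool domain passwordsettings show` as quoted in the message.
DC1_OUTPUT = """\
Password informations for domain 'DC=ad,DC=fvg,DC=lnf,DC=it'
Password complexity: on
Store plaintext passwords: off
Password history length: 5
Minimum password length: 8
Minimum password age (days): 0
Maximum password age (days): 90
Account lockout duration (mins): 30
Account lockout threshold (attempts): 5
Reset account lockout after (mins): 5
"""

# Constructed sample: a hypothetical second DC where one value has not
# converged yet (the message reports identical values on both DCs).
DC2_OUTPUT = DC1_OUTPUT.replace("Minimum password length: 8", "Minimum password length: 7")

def parse_password_settings(text):
    """Return (domain, {setting: value}) parsed from the tool's text output."""
    domain, settings = None, {}
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"Password informations? for domain '(.+)'$", line)
        if m:
            domain = m.group(1)
            continue
        key, sep, value = line.rpartition(": ")
        if sep:  # ignore blank lines and anything that is not "key: value"
            settings[key] = value
    return domain, settings

def policy_drift(outputs):
    """Map each setting that differs between DCs to its per-DC values."""
    parsed = {dc: parse_password_settings(out)[1] for dc, out in outputs.items()}
    drift = {}
    for key in sorted(set().union(*parsed.values())):
        values = {dc: s.get(key) for dc, s in parsed.items()}  # None = missing on that DC
        if len(set(values.values())) > 1:
            drift[key] = values
    return drift

if __name__ == "__main__":
    outputs = {"vdcpp1": DC1_OUTPUT, "dc2": DC2_OUTPUT}
    for setting, values in policy_drift(outputs).items():
        print(f"MISMATCH {setting}: {values}")
```

An empty result from `policy_drift` means every DC reports the same domain password policy.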