Re: [Samba] Time synchronization and Password Policies
- Date: Wed, 22 Nov 2017 10:59:01 +1300
- From: Andrew Bartlett via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Time synchronization and Password Policies
On Tue, 2017-11-21 at 09:02 -0500, lingpanda101 via samba wrote:
> On 11/21/2017 4:34 AM, lists via samba wrote:
> > Hi,
> > On 21-11-2017 4:40, Anantha Raghava via samba wrote:
> > >
> > > /*Password Policies*/
> > >
> > > Password policies are not getting enforced on the clients. Initially
> > > we thought that we have to set those policies using "samba-tool user
> > > passwordsettings" and not on Windows GPO. As this was not enforcing
> > > the password policies, we set the GPO with the same settings. Yet the
> > > same result. Password Policies are not getting applied.
> > >
> > > We have three domain controllers in out environment.
> > No expert, and please someone correct me if I'm wrong, but:
> > I think the samba-tool user passwordsettings are local-DC-specific, so
> > you need to run it on all your DCs.
> > Could it be that you configured only one DC, and your password change
> > happens to be talking with a different DC..?
> > MJ
> You are correct from my own environment.
> Is this how a Microsoft domain behaves as well or a limit of Samba
> not being able to replicate these attributes? If anyone knows btw. Thanks.
MJ's statement is not correct. The password policy attributes are
replicated, the configuration only needs to be done on a single DC.
Additionally, for Samba 4.8 it will (currently off by default) be
possible for a DC to read the password policy and other security
settings from the GPO files.
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
To unsubscribe from this list go to the following URL and read the