
Re: [Samba] Time synchronization and Password Policies




On Tue, 2017-11-21 at 09:02 -0500, lingpanda101 via samba wrote:
> On 11/21/2017 4:34 AM, lists via samba wrote:
> > Hi,
> > 
> > On 21-11-2017 4:40, Anantha Raghava via samba wrote:
> > > 
> > > /*Password Policies*/
> > > 
> > > Password policies are not getting enforced on the clients. Initially 
> > > we thought that we have to set those policies using "samba-tool user 
> > > passwordsettings" and not on Windows GPO. As this was not enforcing 
> > > the password policies, we set the GPO with the same settings. Yet the 
> > > same result. Password Policies are not getting applied.
> > > 
> > > We have three domain controllers in our environment.
> > 
> > No expert, and please someone correct me if I'm wrong, but:
> > 
> > I think the samba-tool user passwordsettings are local-DC-specific, so 
> > you need to run it on all your DCs.
> > Could it be that you configured only one DC, and your password change 
> > happens to be talking with a different DC..?
> > 
> > MJ
> > 
> 
> You are correct from my own environment.
> 
>      Is this how a Microsoft domain behaves as well or a limit of Samba 
> not being able to replicate these attributes? If anyone knows btw. Thanks.

MJ's statement is not correct. The password policy attributes are
replicated; the configuration only needs to be done on a single DC.

Additionally, for Samba 4.8 it will (currently off by default) be
possible for a DC to read the password policy and other security
settings from the GPO files.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   https://catalyst.net.nz/services/samba
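
An added example, not part of the original thread and not Samba project code: because the password policy attributes are replicated, every DC should report the same values on the domain head object, so a mismatch points at replication rather than at a per-DC setting. The sketch below compares LDIF read from each DC; the host names and LDIF records are constructed, and the attribute list (the standard AD domain password and lockout attributes) is an assumption not taken from the thread.

```python
# Added example: detect password-policy drift between domain controllers by
# comparing the policy attributes each DC reports for the domain head object.

# Assumption: standard AD password/lockout attributes on the domain object.
POLICY_ATTRS = (
    "minPwdLength", "pwdHistoryLength", "pwdProperties",
    "minPwdAge", "maxPwdAge",
    "lockoutThreshold", "lockoutDuration", "lockOutObservationWindow",
)


def parse_ldif_attrs(ldif_text):
    """Return {attribute: value} for the policy attributes in one LDIF record."""
    attrs = {}
    for line in ldif_text.splitlines():
        if line.startswith("#") or ": " not in line:
            continue  # skip comments, blank lines and anything malformed
        name, value = line.split(": ", 1)
        if name in POLICY_ATTRS:
            attrs[name] = value.strip()
    return attrs


def find_policy_drift(per_dc_ldif):
    """Return {attribute: {dc: value}} for attributes that differ between DCs.

    An attribute missing on one DC but present on another counts as drift.
    """
    parsed = {dc: parse_ldif_attrs(text) for dc, text in per_dc_ldif.items()}
    drift = {}
    for attr in POLICY_ATTRS:
        values = {dc: attrs.get(attr) for dc, attrs in parsed.items()}
        if len(set(values.values())) > 1:
            drift[attr] = values
    return drift


# Constructed sample: dc3 still reports the old minimum password length.
_HEAD = "dn: DC=example,DC=com\npwdHistoryLength: 24\npwdProperties: 1\n"
SAMPLE = {
    "dc1.example.com": _HEAD + "minPwdLength: 12\n",
    "dc2.example.com": _HEAD + "minPwdLength: 12\n",
    "dc3.example.com": _HEAD + "minPwdLength: 7\n",
}

if __name__ == "__main__":
    for attr, values in find_policy_drift(SAMPLE).items():
        print(f"{attr} differs between DCs: {values}")
```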




