Hello, I'd like to know if the following issues happen to you too. 1. Sysvol permissions After I edited a GPO with a user which is member of domain Admins, sysvolcheck runs on an error due to security settings of thisvedited GPO. Running sysvolreset makes it all for he again 2. GPO password policy We have a policy that defines a password change interval of 32 days. On our clients (windows 7) these settings can be found in the local security policy and also when you enter "net accounts" in cmd. But when you enter "net user <username> /domain" in cmd, the user has an interval of 42 days. There was a third issue I can't remember now. Thanks in advance Tim
Hello Tim, Am 15.01.2015 um 20:33 schrieb Tim:> I'd like to know if the following issues happen to you too. > > 1. Sysvol permissions > After I edited a GPO with a user which is member of domain Admins, sysvolcheck runs on an error due to security settings of thisvedited GPO. Running sysvolreset makes it all for he againWhat version of Samba are you running? I have 4.1.12 in production at work and have no problems when I edit GPOs. But sysvolcheck doesn't work for a while (https://bugzilla.samba.org/show_bug.cgi?id=10606)> 2. GPO password policy > We have a policy that defines a password change interval of 32 days. On our clients (windows 7) these settings can be found in the local security policy and also when you enter "net accounts" in cmd. But when you enter "net user <username> /domain" in cmd, the user has an interval of 42 days.How did you set the policy? Via GPO doesn't work (https://wiki.samba.org/index.php/FAQ#Is_it_possible_to_set_user_specific_password_policies_in_Samba4_.28e._g._on_a_OU-base.29.3F). You can only set it via samba-tool. This settings will work and take effect. But I haven't checked if I can see the number of days somewhere. Regards, Marc
I remembered the third issue: 3. Last logon information When you enter "net user <username> /domain" in cmd in a native 'real' windows 2003 domain, the field for last logon is filled. In our new samba4 domain the same command returns "never" for last logon information. Is this right? Thank you for verifying Tim Am 15. Januar 2015 20:33:11 MEZ, schrieb Tim <lists at kiuni.de>:>Hello, > >I'd like to know if the following issues happen to you too. > >1. Sysvol permissions >After I edited a GPO with a user which is member of domain Admins, >sysvolcheck runs on an error due to security settings of thisvedited >GPO. Running sysvolreset makes it all for he again > >2. GPO password policy >We have a policy that defines a password change interval of 32 days. On >our clients (windows 7) these settings can be found in the local >security policy and also when you enter "net accounts" in cmd. But when >you enter "net user <username> /domain" in cmd, the user has an >interval of 42 days. > >There was a third issue I can't remember now. > >Thanks in advance >Tim >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba
Thank you, Marc. Am 15. Januar 2015 20:54:03 MEZ, schrieb Marc Muehlfeld <mmuehlfeld at samba.org>:>Hello Tim, > >Am 15.01.2015 um 20:33 schrieb Tim: >> I'd like to know if the following issues happen to you too. >> >> 1. Sysvol permissions >> After I edited a GPO with a user which is member of domain Admins, >sysvolcheck runs on an error due to security settings of thisvedited >GPO. Running sysvolreset makes it all for he again > > >What version of Samba are you running? >I have 4.1.12 in production at work and have no problems when I edit >GPOs. But sysvolcheck doesn't work for a while >(https://bugzilla.samba.org/show_bug.cgi?id=10606) > >I am using sernet packages and it is samba 4.1.14. As I have said: After running sysvolreset, sysvolcheck is fine again after editing gpos.> >> 2. GPO password policy >> We have a policy that defines a password change interval of 32 days. >On our clients (windows 7) these settings can be found in the local >security policy and also when you enter "net accounts" in cmd. But when >you enter "net user <username> /domain" in cmd, the user has an >interval of 42 days. > >How did you set the policy? Via GPO doesn't work >(https://wiki.samba.org/index.php/FAQ#Is_it_possible_to_set_user_specific_password_policies_in_Samba4_.28e._g._on_a_OU-base.29.3F). >You can only set it via samba-tool. This settings will work and take >effect. But I haven't checked if I can see the number of days >somewhere. > > >Regards, >MarcI imported the gpos of our old windows 2003 domain and linked them as they were linked. So I need to have a look at the FAQ.
> 2. GPO password policy > We have a policy that defines a password change interval of 32 days. Onour clients (windows 7) these>settings can be found in the local security policy and also when you enter"net accounts" in cmd.> But when you enter "net user <username> /domain" in cmd, the user has aninterval of 42 days. samba-tool domain passwordsettings