Hi All, I have setup samba 4.3.9-Ubuntu AD DC, I want to setup password policy and account lockout policy to all my domain users. How I can do that. Please somebody give me the steps. -- Vivek Patil Assistant Manager - IT Forgeahead Solutions vivek.patil at forgeahead.io *O* +91 (0) 20 66 44 5900 | *M *+91 9579 216 049 601 Zero One, Level 6, Mundhwa, Pune 411036, Maharashtra, India *W* forgeahead.io *IN *linkedin.com/company/forgeahead-solutions -- Email Disclaimer: *http://www.forgeahead.io/disclaimer/ <http://www.forgeahead.io/disclaimer/>*
Hi All, Please somebody help me, I tried this using UI (RSAT) also tried on samba-tool (samba-tool domain passwordsettings set --account-lockout-threshold="2"). But clients are not blocking after 2 or more unsuccessful attempts. I am using samba 4.3.9-Ubuntu. On Sat, Aug 25, 2018 at 6:02 PM Vivek Patil <vivek.patil at forgeahead.io> wrote:> Hi All, > > I have setup samba 4.3.9-Ubuntu AD DC, I want to setup password policy and > account lockout policy to all my domain users. How I can do that. Please > somebody give me the steps. > > -- > Vivek Patil > Assistant Manager - IT > Forgeahead Solutions > vivek.patil at forgeahead.io > *O* +91 (0) 20 66 44 5900 | *M *+91 9579 216 049 > 601 Zero One, Level 6, Mundhwa, Pune 411036, Maharashtra, India > *W* forgeahead.io *IN *linkedin.com/company/forgeahead-solutions >-- Vivek Patil Assistant Manager - IT Forgeahead Solutions vivek.patil at forgeahead.io *O* +91 (0) 20 66 44 5900 | *M *+91 9579 216 049 601 Zero One, Level 6, Mundhwa, Pune 411036, Maharashtra, India *W* forgeahead.io *IN *linkedin.com/company/forgeahead-solutions -- Email Disclaimer: *http://www.forgeahead.io/disclaimer/ <http://www.forgeahead.io/disclaimer/>*
On Sat, 2018-08-25 at 18:02 +0530, Vivek Patil via samba wrote:> Hi All, > > I have setup samba 4.3.9-Ubuntu AD DC, I want to setup password policy and > account lockout policy to all my domain users. How I can do that. Please > somebody give me the steps.The command you need is: samba-tool domain passwordsettings set -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
On Sat, 2018-08-25 at 21:51 +0530, Vivek Patil via samba wrote:> Hi All, > > Please somebody help me, I tried this using UI (RSAT) also tried on > samba-tool (samba-tool domain passwordsettings set > --account-lockout-threshold="2"). But clients are not blocking after 2 or > more unsuccessful attempts. I am using samba 4.3.9-Ubuntu.While this feature has been part of Samba since 4.2 i would strongly recommend an upgrade, ideally to 4.8 or 4.9 when released. Only configuration via samba-tool is supported (rather than via GPOs) in the version you run and is generally it is easier to handle this way anyway. Ensure you have sensible values for all the parameters per: https://wiki.samba.org/index.php/Samba_4.2_Features_added/changed#Bad_Password_Lockout_in_the_AD_DC Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
On Sun, 2018-08-26 at 09:17 +0530, Vivek Patil wrote:> Hi Andrew, > > I used samba-tool and I was able to set the values too. But it's not > working on client machine. Don't lock account even after lot of pass > failure. Attaching the screenshot here with my amb.conf. please > suggest what I need to change.It isn't controlled from the smb.conf, all the settings are in the directory. I don't have any more hints, sorry! Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba