Displaying 20 results from an estimated 5000 matches similar to: "Confusion about account locking policy (Samba AD/Windows 7 client)"
2015 Dec 08
2
Confusion about account locking policy (Samba AD/Windows 7 client)
As far as I understand Samba and the wiki in this regard, the Samba4
DC's password policy is no typical domain policy (no GPO). It can't be
inherited by Windows clients. So I suspect the full story to be:
- on the Unix side (DC and member server) the Samba password rules apply
- on the Windows client side the inherited Windows POLICIES apply (as
far as possible)
In effect, if e.g.
2015 Dec 09
1
Confusion about account locking policy (Samba AD/Windows 7 client)
I can do some playing around:
a) I have set a GPO for lockout at '10' invalid attempts (the rest of
the password options set as on Samba DC), forced the 'gpupdate', and
left the Samba rules set to '5' (checked on both DCs). But still I get
locked out after 3 invalid attempts.
b) I have set the Samba rules to '10' (or '15') invalid attempts and get
2015 Jan 22
2
Windows users can't change password 4.1.6
Hello,
When PDC was installed I remember that everybody could change thair passwords after first 24h after password reset via admin console.
(I remamber that I was searching for this and even if GPO was min 0 days for changing password you had to wait)
Anyway... Now noone is able to change password.
When GPO tells you to change password after 30days, or you want to change it; typing old
2015 Jan 15
4
Verification on different issues
Hello,
I'd like to know if the following issues happen to you too.
1. Sysvol permissions
After I edited a GPO with a user which is member of domain Admins, sysvolcheck runs on an error due to security settings of thisvedited GPO. Running sysvolreset makes it all for he again
2. GPO password policy
We have a policy that defines a password change interval of 32 days. On our clients (windows
2014 Sep 04
4
can't turn off password complexity requirements
Hello,
I'm unsing Ubuntu 14.4 Server and samba 4.1.6-Ubuntu. Everything
works great but I somehow fail to switch off the password complexity
requirements. It is not unlikely that this is because I'm very
unexperienced with Windows. I've heard that the password-settings are
always a bit tricky and I did exactly what the windows-tutorials say.
I've tried gpresult for
2015 Feb 11
1
Samba 4 GPO - Account Policy
Hello,
I installed samba4 on an debian server with dc provisioning.
If I create an default policy that is linked to the domain and set the
Account Lockout Policy to e.g. 5 thresholds, it does not work.
My question: I this Policy supported by samba and if it is supported how can
I apply these.
I also tried on other systems like openSUSE 13.2 and Ubuntu 14.04.
And I also tried an
2013 Jun 13
1
Problems adding domain policies in debian 7 with samba4.0.6
Hi once again my greetings I rewrite because I'm in the same situation
but this time in debian 7 using samba4.0.6. The account lockout policy
does not work, got help from some colleagues but nothing I fail to solve
the problem, I have recommended using Zentyal 3.0 but it's my favorite
distro is debian and do not feel right changing. This time I used a
Windows 7 client and I
2014 Sep 06
2
samba4 GPO passw
Hi list, well, i create a new gpo (rsat tools) and try to find password
policies to define all stuff like time, complexity, etc but dont here
where normaly are!..cant find from any gpo create password policies!...i
personalize a search into gpo but nothing appears...normaly in windows
ad this policies are in security settings....
any suggestion?
2015 Dec 09
0
Confusion about account locking policy (Samba AD/Windows 7 client)
On Tue, 2015-12-08 at 16:54 +0100, Ole Traupe wrote:
> Hi,
>
> here on the wiki
> https://wiki.samba.org/index.php/FAQ#Is_it_possible_to_set_user_speci
> fic_password_policies_in_Samba4_.28e._g._on_a_OU-base.29.3F
> I read this:
>
>
> "Is it possible to set user specific password policies in Samba4
> (e.
> g. on a OU-base)?
>
> Samba
2016 Jun 04
3
"Samba cannot handle GPO restrictions"
Hi list,
Today, I spent most of the day figuring out why my password policies set
via GPO are not applied on a domain level, just to find out that this is
not one of the many occasions where Windows is the problem but it's really
Samba, for a change. Apparently, password policies can only be changed
using samba-tool and not via GPO.
IMO, the FAQ is not very clear here.
2015 Dec 08
0
Confusion about account locking policy (Samba AD/Windows 7 client)
I just can't reply to your question as I have not this information. I don't
know how Samba works, I've got feelings about how it works : )
And as my MS world knowledge is just worst, I can't rely on it to tell you
how Windows generate its passwords policy.
How I think it works is:
you configure password policy using samba-tool
samba modifies the default domain policy (not tested,
2015 Dec 08
0
Confusion about account locking policy (Samba AD/Windows 7 client)
I expect you already did that but in case of... did you rebooted your
Windows client to apply new Computer's GPO (or use gpupdate MS tool)?
2015-12-08 16:54 GMT+01:00 Ole Traupe <ole.traupe at tu-berlin.de>:
> Hi,
>
> here on the wiki
>
> https://wiki.samba.org/index.php/FAQ#Is_it_possible_to_set_user_specific_password_policies_in_Samba4_.28e._g._on_a_OU-base.29.3F
>
2014 Oct 01
2
Domain Functionality Level and GPO password policies
Hi guys,
I've been trying to work out how to set a GPO that allows certain
Groups (Domain Users) a password expiry of 60 days and another group
(Domain admins) an expiry of 30 days, but when looking through the
Group Policy Manager I don't see how to achieve this.
After looking around online I stumbled across the domain Functionality
Level which if I understand means that I have to
2017 Feb 08
3
Users list and the date the password will expire
On Wed, 8 Feb 2017 18:32:15 +0100
Ole Traupe via samba <samba at lists.samba.org> wrote:
> That was weird: didn't see (expect) there to be a discussion right on
> the same topic going on at this very moment.
>
> Ole
>
>
> On 08.02.2017 17:37, Ole Traupe via samba wrote:
> > Hi list,
> >
> > long time no see! :)
> >
> > I was looking
2017 Feb 08
4
Users list and the date the password will expire
Hi list,
long time no see! :)
I was looking for an email reminder script for users whose password will
expire. Some of our users are on long travels and will never see the
Domain's default notification. I haven't found any complete (and simple)
solution online. So I wrote one. In case it helps anyone, you find it below.
You should only have to fill in the blanks for the the
2018 Oct 02
2
Passwordsettings
Hi!
I have one question about passwordsettings in Samba 4:
My configuration:
S.O. : Ubuntu 16.04
Samba Version: 4.7.7
--
samba-tool domain passwordsettings show
Password complexity: on
Store plaintext passwords: off
Password history length: 24
Minimum password length: 7
Minimum password age (days): 0
Maximum password age (days): 180
Account lockout duration (mins): 30
Account lockout
2016 Feb 21
1
user login passwords are mixed up
Thank you! That was the hint I needed with 4.2 and ""Bad Password Lockout
in the AD DC".
I did it via samba-tool this time and not via GPO with RSAT.
samba-tool domain passwordsettings set --history-length=0
samba-tool domain passwordsettings show
Password informations for domain 'DC=x,DC=x,DC=x'
Password complexity: on
Store plaintext passwords: off
Password history
2015 Jan 27
3
Windows users can't change password 4.1.6
Hello Marc,
W dniu 2015-01-22 o 20:17, Marc Muehlfeld pisze:
> Hello Micha?,
>
> Am 22.01.2015 um 07:13 schrieb Micha? P??rolniczak:
>> When GPO tells you to change password after 30days, or you want to
>> change it; ...
>
> At first: You can't define password policies via GPO, because they have
> to be interpreted by the domain controller(s) and Samba
2018 Jan 18
5
Changing expired Samba AD password during Windows login
I'm running a Samba AD 4.7.4 and cannot set a new password for a user
with an expired password during login from a Windows PC. Changing a
password from inside a login with cntl-alt-del "change password" works ok.
I've already decreased the minimum password age to 0
samba-tool domain passwordsettings show
Password complexity: on
Store plaintext passwords: off
Password history
2019 May 05
2
samba-tool max-pwd-age error
debian 9 fresh install, samba-4.10.2 from Louis:
root at lnxdc1:/home/service# samba-tool domain passwordsettings show
Password informations for domain 'DC=mydomain,DC=lan'
Password complexity: on
Store plaintext passwords: off
Password history length: 10
Minimum password length: 8
Minimum password age (days): 0
Maximum password age (days): 60
Account lockout duration (mins): 30
Account