Displaying 20 results from an estimated 20000 matches similar to: "Time synchronization and Password Policies"
2017 Nov 21
3
Time synchronization and Password Policies
You guys mix to things.
> AFAIK is the 'privileges' that are host-specific.
Is correct.
>the policies are on the domain (in the LDAP data,
> the root DN, look at them!).
Yes, but only the GPO policies and these are not applied to the samba server.
And because of that, samba-tools password settings needs to be set on every DC.
Greetz,
Louis
> -----Oorspronkelijk
2019 Oct 17
1
List of applied policy if 'apply group policies = yes'...
Ahem, again revising docs...
I've not found a place where there's a ist of policy applied if i set:
apply group policies = yes
There's something like that? they are exactly the policy in:
samba-tool domain passwordsettings show
Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia''
2024 May 17
2
Disaster Recovery Activity with Samba-AD-DC
Hi,
We are having totally 5 samba-ad servers (2 servers in "Data Center A"
and 3 in "Data Center B") in our setup providing AD services.
We have been having trouble whenever we do an activity called "DR
Activity" during which we bring down 2 servers in "Data Center - A" and
try to run our entire infrastructure with 3 samba-ad severs in "Data
2017 Oct 24
2
'check password script' and Join...
Mandi! L.P.H. van Belle via samba
In chel di` si favelave...
> Did you run the command to disable the password check or complexabilty on all you DC's?
Oh, never minded about that. Sure.
Instead of commenting 'check password script' i can do:
samba-tool domain passwordsettings set --complexity=off
sure! Thanks!
But, why you say «on all you DC's»? The password policies
2017 Aug 30
4
Force password complexity on NT4 style domain (Samba 4.6.4)
Hi,
is there a way to force password complexity on NT4 style domains?
the "samba-tool domain passwordsettings" seems to only work on DC
mode, right?
Boris
2017 Oct 24
3
'check password script' and Join...
Mandi! Rowland Penny via samba
In chel di` si favelave...
> The password settings are related to the DC and by default you cannot
> set or change a password if it isn't complex enough
Ok.
>, you do not need to use an external script.
Ahem, someone out there need it. ;-)
This mean that, if i keep a 'check password script', i could also hit
some trubles on, eg,
2017 Jun 21
2
Classic upgrade and forced password change...
Mandi! Rowland Penny via samba
In chel di` si favelave...
> samba-tool domain passwordsettings set --complexity=off
Ahem, i've typed '--comploxity'... sorry... OK, option is available in
samba-tool in 4.2, but does not seems to work:
root at lupus:~# samba-tool domain passwordsettings set --complexity=off
Password complexity deactivated!
All changes applied successfully!
2018 Jan 20
2
Changing expired Samba AD password during Windows login
Thanks for the help, however I don't think your suggestion applies in my
case. On a fresh install of Samba 4.7.4 AD you cannot change a user
password on a logged in PC through cntl-alt-del -> ChangePassword
because the default MinAge is 1 days. I had to use the "samba-tool
domain passwordsettings set --min-pwd-age=0" command to make the
logged-on style of password change
2018 Jun 21
2
Password complexity checks and local users...
AFAI've understood 'samba-tool domain passwordsettings' set domain
password settings, while the GPO equivalent settings is for the client
(windows client and server os).
Currently i've enabled password complexity checks server side:
root at vdcsv1:~# samba-tool domain passwordsettings show
Password informations for domain 'DC=ad,DC=fvg,DC=lnf,DC=it'
Password
2017 Oct 24
3
'check password script' and Join...
Make a note: it is better to disable 'check password script' in the
DC(s) before trying to join a new DC. ;(
root at vdcpp1:~# samba-tool domain join ad.my.dom DC -U"MYDOM\administrator" --dns-backend=BIND9_DLZ
Finding a writeable DC for domain 'ad.my.dom'
Found DC vdcsv1.ad.my.dom
Password for [MYDOM\administrator]:
workgroup is MYDOM
realm is ad.my.dom
Adding
2018 Apr 11
3
Map share based on site?
In Samba/NT i was used to share mapping done in netlogon script, so
users move around between sites, get home and profile from remote
location but still have share mapped from local servers.
In Samba/AD, using GPO, share mapping is in ''user policy'', and so
user roam between sites and get different policies?
I'm googling around but i'm a bit confused... i can still use
2018 Apr 25
2
[OT?] Group Policy, drive maps and Cliend Site Caching...
Hai,
>
> Hi Louis, I think you missed this: current configuration
> (Samba, NT mode)
>
> But I think you are on the right lines, using the same drive letters
> for both sites is asking for trouble.
No, thats ok and should work, since i do that also but in AD dom,
and you may not use persistant drives and you disconnect them at logoff.
>
> However the bigger
2017 Sep 26
1
'check password script' ignored in AD mode?
I'm trying to play with 'check password script' in AD mode, and seems
to me that are simply ignored, at least when users logged on windows
clients and (try to) change the password.
I've also noted if i use other tools (eg, samba-tool for example) 'check password script'
get executed.
I've looked around, and seems that 'check password script' came back in
4.5,
2017 Jun 21
2
Classic upgrade and forced password change...
Mandi! Marc Muehlfeld via samba
In chel di` si favelave...
[in the meantime, moved to 4.5...]
> > Ahem, i've typed '--comploxity'... sorry... OK, option is available in
> > samba-tool in 4.2, but does not seems to work:
> This just turns off the need of complex passwords, but there are more
> settings, such as minimum length, number of previous passwords not
>
2017 Jun 21
5
Classic upgrade and forced password change...
I'm doing some test moving from a NT domain to ad AD domain, using
debian jessie samba (4.2) and obviously the 'classicupgrade' procedure.
In my setup i use(d) extensively some script to reset password to
users. I was (ab)used to have 'smbpasswd' behave differently if
executed by root, eg change the password without taking in
consideration password policy and check password
2019 Sep 22
5
Join DC has failed with error: NT_STATUS_PASSWORD_RESTRICTION
Hi,
I've joined samba DC to existing windows domain using:
samba-tool domain join ***.** DC -U"***\admin" --dns-backend=BIND9_DLZ
It has stopped on
Adding DNS account CN=dns-DC...
with the below error.
ERROR(runtime): uncaught exception - (-1073741716, 'SetUserInfo2 level 26 for [dns-DC] failed: NT_STATUS_PASSWORD_RESTRICTION')
when the BIND9_DLZ is not specified
2017 Nov 21
2
Time synchronization and Password Policies
On 11/21/2017 4:34 AM, lists via samba wrote:
> Hi,
>
> On 21-11-2017 4:40, Anantha Raghava via samba wrote:
>>
>> /*Password Policies*/
>>
>> Password policies are not getting enforced on the clients. Initially
>> we thought that we have to set those policies using "samba-tool user
>> passwordsettings" and not on Windows GPO. As this was
2017 Dec 06
4
DM and ''offline'' PAM (and NSS?)...
I'm using samba 4.5 on a debian jessie (Louis packages).
Rarely it happen that a power outgage tear down all the stuff, here.
I've noticed that if the DM start before the DC, clearly all account
data are inaccessible.
To prevent or minimize that, the ''offline mode'' of winbind can be
safely used also on DM servers? Or is tailoread against roaming client
(portables,
2018 Jul 20
4
Samba 4.5 and glusterfs...
Reding the thread in list about gluster, i've found that in your samba
packages 4.5.12+dfsg-2+deb9u2~bpo8+1 there's no vfs_glusterfs module, only
the manpage.
root at vdmsv1:~# grep glusterfs /var/lib/dpkg/info/samba*.list
/var/lib/dpkg/info/samba-vfs-modules.list:/usr/share/man/man8/vfs_glusterfs.8.gz
root at vdmsv1:~# grep /vfs/ /var/lib/dpkg/info/samba*.list
2019 Jan 09
3
[Oddity] SAMAccountName and 20+ chars logins...
Reading here i've understod that for LDAP query it is better to use
SAMAccountName as 'login', but today i've found:
https://docs.microsoft.com/it-it/windows/desktop/ADSchema/a-samaccountname
so, 'SAMAccountName' is a compatibility field with NT mode, limited to
20 chars.
Someone here use 21 chars logins? ;-)
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66