[Samba] Domain Controller GPO
timothy mcdaniel
timnboys333 at live.com
Thu Apr 21 12:26:00 MDT 2011
yes, I would be able to provide a Init script for Samba4 Alpha15. I will
attach it to this email.
Yes there is a way to maintain your existing Samba4 powered AD Domain.
read this from upgrading-samba4.txt(in the samba.git file)(comes with the
git clone command which downloads the samba source files to the folder you
told it to download to.):
this will help you be able to upgrade your current samba4 domain into the
new version(Alpha 15) and allow you to keep or maintain your existing Samba4
powered AD domain.
> Upgrading from an older samba4 installation.
> Compile the new version of samba4 by following the HOWTO, but do
> not install it yet, and do not run provision.
> Stop any samba process
> Backup your samba4 provision:
>
> go into the directory where your samba4 provision is stored (/usr/local/samba by default)
> do tar cf $HOME/backup.tar private etc var sysvol
> Go into the source4 dir
>
> run ./scripting/bin/upgradeprovision -s <path to smb.conf in samba4 install>
> do make install
> This will do the minimum (safest) upgrade of the data.
> Runing upgradeprovision with --full will do a more comprehensive
> upgrade of the data (including schema and display specifiers). This
> attempts to do a new provision, and to then copy existing data into
> that database.
>
>Ok, I appreciate your suggestion. Would you be able to provide an Init
>script for Samba4 Alpha15? I am not certain on how to make one. Also, Is
>there a way to maintain my existing Samba4 powered AD Domain when
upgrading?
>Thanks.
On Wed, Apr 20, 2011 at 10:23 AM, timothy mcdaniel <
timnboys333 at live.com>wrote:
> I would redownload the git source and download the latest version of
samba4
> and compile it and provision it and then when you get the latest verison
of
> samba4(which I think is samba4 alpha 15) and then how you would change the
> password complexity requirements in the latest version of samba4 you would
> use samba-tool or if you do not have the samba4 bin and sbin folders in
> your
> path: /usr/local/samba/bin/samba-tool(this is assuming that you installed
> the latest version of samba4 to your /usr/local folder) and you put this
> command like this: "/usr/local/samba/bin/samba-tool pwsettings
> --complexity=off --history-length=0 --min-pwd-length=0
> --min-pwd-age=0" and then press enter and then it will disable the
password
> complexity on the latest version of samba4
> >Thanks for your assistance, however the options are not recognized by the
> >net command. Is there any other variation of those it could be?
>
> >On Tue, Apr 19, 2011 at 2:49 AM, Daniel Müller <
> mueller at tropenklinik.de>wrote:
>
> > Refer to my thread this list: HOWTO samba4 centos5.5 named dnsupdate
drbd
> > simple failover
> >
> >
> > Password Policy Settings!!
> >
> > Along with Samba4 the Password Policy you can only set from console,
with
> > 'net pwsettings ' command.
> > net pwsettings –help:
> >
> > usage: (show | set <options>)
> >
> > options:
> > -h, --help show this help message and exit
> > -H H LDB URL for database or target server
> > --quiet Be quiet
> > --complexity=COMPLEXITY
> > The password complexity (on | off | default).
> > Default
> > is 'on'
> > --history-length=HISTORY_LENGTH
> > The password history length (<integer> |
default).
> > Default is 24.
> > --min-pwd-length=MIN_PWD_LENGTH
> > The minimum password length (<integer> |
default).
> > Default is 7.
> > --min-pwd-age=MIN_PWD_AGE
> > The minimum password age (<integer in days> |
> > default). Default is 1.
> > --max-pwd-age=MAX_PWD_AGE
> > The maximum password age (<integer in days> |
> > default). Default is 43.
> >
> > Samba Common Options:
> > -s FILE, --configfile=FILE
> > Configuration file
> > -d DEBUGLEVEL, --debuglevel=DEBUGLEVEL
> > debug level
> > --option=OPTION set smb.conf option from command line
> > --realm=REALM set the realm name
> >
> > Credentials Options:
> > --simple-bind-dn=DN
> > DN to use for a simple bind
> > --password=PASSWORD
> > Password
> > -U USERNAME, --username=USERNAME
> > Username
> > -W WORKGROUP, --workgroup=WORKGROUP
> > Workgroup
> > -N, --no-pass Don't ask for a password
> > -k KERBEROS, --kerberos=KERBEROS
> > Use Kerberos
> >
> > Version Options:
> > --version Display version number
> >
> > So I set my Password Policy:
> >
> > net pwsettings set –--complexity=off
> > net pwsettings set ---max-pwd-age=60 #<---60 Days
> > net pwsettings set –min-pwd-length=5
> >
> > net pwsettings show:
> >
> > [root at node1 ~]# net pwsettings show
> > Password informations for domain 'DC=tuebingen,DC=tst,DC=loc'
> >
> > Password complexity: off
> > Password history length: 24
> > Minimum password length: 5
> > Minimum password age (days): 1
> >
> > -----------------------------------------------
> > EDV Daniel Müller
> >
> > Leitung EDV
> > Tropenklinik Paul-Lechler-Krankenhaus
> > Paul-Lechler-Str. 24
> > 72076 Tübingen
> >
> > Tel.: 07071/206-463, Fax: 07071/206-499
> > eMail: mueller at tropenklinik.de
> > Internet: www.tropenklinik.de
> > -----------------------------------------------
> > -----Ursprüngliche Nachricht-----
> > Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org
> ]
> > Im
> > Auftrag von Christophe Dezé
> > Gesendet: Dienstag, 19. April 2011 07:58
> > An: samba at lists.samba.org
> > Betreff: Re: [Samba] Domain Controller GPO
> >
> > Le 18/04/2011 21:15, Ryan Leimenstoll a écrit :
> > > Hi All,
> > > I am using Samba4 Alpha12, and i am trying to edit the password
> policy
> > > (which I believe is derived from the PDC's policy), but I am trying to
> > > figure out whether Samba4 can respond to GPOs. If It cannot, how would
> I
> > > define the password policy for the domain? Thanks.
> > it 's maybe because 4.0.0alpha12 - wasn't released
> >
> >
> > :)
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list