[Samba] Domain password policy with Samba AD DC

Peter Milesson miles at atmos.eu
Wed Sep 6 16:46:30 UTC 2023



On 06.09.2023 18:26, David Mulder via samba wrote:
>
> On 9/6/23 10:19 AM, Peter Milesson via samba wrote:
>>
>> I just tested according to your instruction.
>>
>> Logging in as Administrator at testdom.talps and setting password 
>> policies with GPME on Default Domain Controller Policies 
>> (specifically minimum password length = 5). Then through a cmd prompt 
>> with raised privileges gpupdate /force. Log out. Restart Samba AD DC. 
>> Running a sysvolcheck with no errors.
>>
>> It still does not work. It's still the settings made with samba-tool 
>> domain passwordsettings (minimum password length = 4) that decide 
>> the password policies.
>>
>> I have also tried setting password policies on Default Domain 
>> Policies. No juice.
>>
>> What I get from samba-tool domain passwordpolicies show is:
>>
>> Password information for domain 'DC=testdom,DC=talps'
>>
>> Password complexity: on
>> Store plaintext passwords: off
>> Password history length: 0
>> Minimum password length: 4
>> Minimum password age (days): 0
>> Maximum password age (days): 0
>> Account lockout duration (mins): 30
>> Account lockout threshold (attempts): 0
>> Reset account lockout after (mins): 30
>>
>>
>> My smb.conf
>>
>> # Global parameters
>> [global]
>>         dns forwarder = xxx.xxx.xxx.xxx
>>         netbios name = TESTADC1
>>         realm = TESTDOM.TALPS
>>         server role = active directory domain controller
>>         workgroup = TESTDOM
>>         idmap_ldb:use rfc2307 = yes
>>         apply group policies = yes
>>
>> [sysvol]
>>         path = /var/lib/samba/sysvol
>>         read only = No
>>
>> [netlogon]
>>         path = /var/lib/samba/sysvol/testdom.talps/scripts
>>         read only = No
>>
>> As I previously stated, it's just a nuisance, you probably set 
>> password policies once, or very seldom. It would be nice if it worked 
>> as in a Windows AD DC.
>>
>>
> What's the output of these commands?
>
> sudo samba-gpupdate --rsop --target=Computer
>
> sudo samba-gpupdate -d5 --force --target=Computer
>
Hi David,

Please, see below.

Best regards,

Peter


samba-gpupdate --rsop --target=Computer

Resultant Set of Policy
Computer Policy

GPO: Default Domain Policy
================================================================================================================================
   CSE: gp_access_ext
   ----------------------------------------------------------------
     Policy Type: System Access
     ----------------------------------------------------------------
     [ MinimumPasswordAge ] =         0
     [ MaximumPasswordAge ] =         -1
     [ MinimumPasswordLength ] =         6
     ----------------------------------------------------------------
   ----------------------------------------------------------------
   CSE: gp_krb_ext
   ----------------------------------------------------------------
   ----------------------------------------------------------------
   CSE: gp_scripts_ext
   ----------------------------------------------------------------
   ----------------------------------------------------------------
   CSE: gp_sudoers_ext
   ----------------------------------------------------------------
   ----------------------------------------------------------------
   CSE: vgp_sudoers_ext
   ----------------------------------------------------------------
   ----------------------------------------------------------------
   CSE: gp_centrify_sudoers_ext
   ----------------------------------------------------------------
   ----------------------------------------------------------------
   CSE: gp_centrify_crontab_ext
   ----------------------------------------------------------------
   ----------------------------------------------------------------
   CSE: gp_smb_conf_ext
   ----------------------------------------------------------------
   ----------------------------------------------------------------
   CSE: gp_msgs_ext
   ----------------------------------------------------------------
   ----------------------------------------------------------------
   CSE: vgp_symlink_ext
   ----------------------------------------------------------------
   ----------------------------------------------------------------
   CSE: vgp_files_ext
   ----------------------------------------------------------------
   ----------------------------------------------------------------
   CSE: vgp_openssh_ext
   ----------------------------------------------------------------
   ----------------------------------------------------------------
   CSE: vgp_motd_ext
   ----------------------------------------------------------------
   ----------------------------------------------------------------
   CSE: vgp_issue_ext
   ----------------------------------------------------------------
   ----------------------------------------------------------------
   CSE: vgp_startup_scripts_ext
   ----------------------------------------------------------------
   ----------------------------------------------------------------
   CSE: vgp_access_ext
   ----------------------------------------------------------------
   ----------------------------------------------------------------
   CSE: gp_gnome_settings_ext
   ----------------------------------------------------------------
   ----------------------------------------------------------------
   CSE: gp_cert_auto_enroll_ext
   ----------------------------------------------------------------
   ----------------------------------------------------------------
   CSE: gp_firefox_ext
   ----------------------------------------------------------------
   ----------------------------------------------------------------
   CSE: gp_chromium_ext
   ----------------------------------------------------------------
   ----------------------------------------------------------------
   CSE: gp_chrome_ext
   ----------------------------------------------------------------
   ----------------------------------------------------------------
   CSE: gp_firewalld_ext
   ----------------------------------------------------------------
   ----------------------------------------------------------------


samba-gpupdate -d5 --force --target=Computer


INFO: Current debug levels:
   all: 5
   tdb: 5
   printdrivers: 5
   lanman: 5
   smb: 5
   rpc_parse: 5
   rpc_srv: 5
   rpc_cli: 5
   passdb: 5
   sam: 5
   auth: 5
   winbind: 5
   vfs: 5
   idmap: 5
   quota: 5
   acls: 5
   locking: 5
   msdfs: 5
   dmapi: 5
   registry: 5
   scavenger: 5
   dns: 5
   ldb: 5
   tevent: 5
   auth_audit: 5
   auth_json_audit: 5
   kerberos: 5
   drs_repl: 5
   smb2: 5
   smb2_credits: 5
   dsdb_audit: 5
   dsdb_json_audit: 5
   dsdb_password_audit: 5
   dsdb_password_json_audit: 5
   dsdb_transaction_audit: 5
   dsdb_transaction_json_audit: 5
   dsdb_group_audit: 5
   dsdb_group_json_audit: 5
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
doing parameter dns forwarder = xxx.xxx.xxx.xxx
doing parameter netbios name = TESTADC1
doing parameter realm = TESTDOM.TALPS
doing parameter server role = active directory domain controller
doing parameter workgroup = TESTDOM
doing parameter idmap_ldb:use rfc2307 = yes
doing parameter apply group policies = yes
Processing section "[sysvol]"
doing parameter path = /var/lib/samba/sysvol
doing parameter read only = No
Processing section "[netlogon]"
doing parameter path = /var/lib/samba/sysvol/testdom.talps/scripts
doing parameter read only = No
pm_process() returned Yes
ldb_wrap open of secrets.ldb
lp_load_ex: refreshing parameters
Freeing parametrics:
Processing section "[global]"
doing parameter dns forwarder = xxx.xxx.xxx.xxx
doing parameter netbios name = TESTADC1
doing parameter realm = TESTDOM.TALPS
doing parameter server role = active directory domain controller
doing parameter workgroup = TESTDOM
doing parameter idmap_ldb:use rfc2307 = yes
doing parameter apply group policies = yes
Processing section "[sysvol]"
doing parameter path = /var/lib/samba/sysvol
doing parameter read only = No
Processing section "[netlogon]"
doing parameter path = /var/lib/samba/sysvol/testdom.talps/scripts
doing parameter read only = No
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'ncalrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
added interface enX0 ip=192.168.22.10 bcast=192.168.22.255 
netmask=255.255.255.0
finddcs: searching for a DC by DNS domain TESTDOM.TALPS
finddcs: looking for SRV records for _ldap._tcp.TESTDOM.TALPS
resolve_lmhosts: Attempting lmhosts lookup for name 
_ldap._tcp.TESTDOM.TALPS<0x0>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No 
such file or directory
finddcs: DNS SRV response 0 at '192.168.22.10'
finddcs: performing CLDAP query on 192.168.22.10
finddcs: Found matching DC 192.168.22.10 with server_type=0x000013fd
lp_load_ex: refreshing parameters
Freeing parametrics:
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
doing parameter dns forwarder = xxx.xxx.xxx.xxx
doing parameter netbios name = TESTADC1
doing parameter realm = TESTDOM.TALPS
doing parameter server role = active directory domain controller
doing parameter workgroup = TESTDOM
doing parameter idmap_ldb:use rfc2307 = yes
doing parameter apply group policies = yes
pm_process() returned Yes
Opening cache file at /run/samba/gencache.tdb
sitename_fetch: Returning sitename for realm 'TESTDOM.TALPS': 
"Default-First-Site-Name"
namecache_fetch: name testadc1.testdom.talps#20 found.
ads_try_connect: ads_try_connect: sending CLDAP request to 192.168.22.10 
(realm: TESTDOM.TALPS)
Successfully contacted LDAP server 192.168.22.10
Connecting to 192.168.22.10 at port 389
Connected to LDAP server testadc1.testdom.talps
KDC time offset is 0 seconds
Found SASL mechanism GSS-SPNEGO
ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
Search for (objectclass=*) in 
<CN=Administrator,CN=Users,DC=testdom,DC=talps> gave 1 replies
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend samba_dsdb
Successfully added passdb backend 'samba_dsdb'
Attempting to register passdb backend samba4
Successfully added passdb backend 'samba4'
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend NDS_ldapsam
Successfully added passdb backend 'NDS_ldapsam'
Attempting to find a passdb backend to match samba_dsdb (samba_dsdb)
Found pdb backend samba_dsdb
schema_fsmo_init: we are master[yes] updates allowed[no]
ldb_wrap open of idmap.ldb
pdb backend samba_dsdb has a valid init
get_privileges: No privileges assigned to SID 
[S-1-5-21-1819986505-3570514717-3911732761-500]
get_privileges: No privileges assigned to SID 
[S-1-5-21-1819986505-3570514717-3911732761-513]
get_privileges: No privileges assigned to SID 
[S-1-5-21-1819986505-3570514717-3911732761-512]
get_privileges: No privileges assigned to SID 
[S-1-5-21-1819986505-3570514717-3911732761-572]
get_privileges: No privileges assigned to SID 
[S-1-5-21-1819986505-3570514717-3911732761-518]
get_privileges: No privileges assigned to SID 
[S-1-5-21-1819986505-3570514717-3911732761-519]
get_privileges: No privileges assigned to SID 
[S-1-5-21-1819986505-3570514717-3911732761-520]
get_privileges: No privileges assigned to SID [S-1-22-2-0]
get_privileges_for_sids: sid = S-1-1-0
Privilege set: 0x0
get_privileges: No privileges assigned to SID [S-1-5-2]
get_privileges: No privileges assigned to SID [S-1-5-11]
get_privileges_for_sids: sid = S-1-5-32-544
Privilege set: 0x1ffffff0
get_privileges: No privileges assigned to SID [S-1-5-32-545]
get_privileges: No privileges assigned to SID [S-1-5-32-554]
Security token SIDs (14):
   SID[  0]: S-1-5-21-1819986505-3570514717-3911732761-500
   SID[  1]: S-1-5-21-1819986505-3570514717-3911732761-513
   SID[  2]: S-1-5-21-1819986505-3570514717-3911732761-512
   SID[  3]: S-1-5-21-1819986505-3570514717-3911732761-572
   SID[  4]: S-1-5-21-1819986505-3570514717-3911732761-518
   SID[  5]: S-1-5-21-1819986505-3570514717-3911732761-519
   SID[  6]: S-1-5-21-1819986505-3570514717-3911732761-520
   SID[  7]: S-1-22-2-0
   SID[  8]: S-1-1-0
   SID[  9]: S-1-5-2
   SID[ 10]: S-1-5-11
   SID[ 11]: S-1-5-32-544
   SID[ 12]: S-1-5-32-545
   SID[ 13]: S-1-5-32-554
  Privileges (0x        1FFFFFF0):
   Privilege[  0]: SeMachineAccountPrivilege
   Privilege[  1]: SeTakeOwnershipPrivilege
   Privilege[  2]: SeBackupPrivilege
   Privilege[  3]: SeRestorePrivilege
   Privilege[  4]: SeRemoteShutdownPrivilege
   Privilege[  5]: SePrintOperatorPrivilege
   Privilege[  6]: SeAddUsersPrivilege
   Privilege[  7]: SeDiskOperatorPrivilege
   Privilege[  8]: SeSecurityPrivilege
   Privilege[  9]: SeSystemtimePrivilege
   Privilege[ 10]: SeShutdownPrivilege
   Privilege[ 11]: SeDebugPrivilege
   Privilege[ 12]: SeSystemEnvironmentPrivilege
   Privilege[ 13]: SeSystemProfilePrivilege
   Privilege[ 14]: SeProfileSingleProcessPrivilege
   Privilege[ 15]: SeIncreaseBasePriorityPrivilege
   Privilege[ 16]: SeLoadDriverPrivilege
   Privilege[ 17]: SeCreatePagefilePrivilege
   Privilege[ 18]: SeIncreaseQuotaPrivilege
   Privilege[ 19]: SeChangeNotifyPrivilege
   Privilege[ 20]: SeUndockPrivilege
   Privilege[ 21]: SeManageVolumePrivilege
   Privilege[ 22]: SeImpersonatePrivilege
   Privilege[ 23]: SeCreateGlobalPrivilege
   Privilege[ 24]: SeEnableDelegationPrivilege
  Rights (0x               0):
Search for (objectclass=*) in 
<CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=testdom,DC=talps> 
gave 1 replies
Search for (objectclass=*) in 
<cn={C0802200-92F4-4026-A6A3-2721C0E79A47},cn=policies,cn=system,DC=testdom,DC=talps> 
gave 1 replies
sitename_fetch: Returning sitename for realm 'TESTDOM.TALPS': 
"Default-First-Site-Name"
namecache_fetch: name testadc1.testdom.talps#20 found.
Connecting to 192.168.22.10 at port 445
socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=0, 
TCP_NODELAY=1, TCP_KEEPCNT=9, TCP_KEEPIDLE=7200, TCP_KEEPINTVL=75, 
IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=2626560, 
SO_RCVBUF=131072, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, 
SO_RCVTIMEO=0, TCP_QUICKACK=1, TCP_DEFER_ACCEPT=0, TCP_USER_TIMEOUT=0
cli_session_creds_prepare_krb5: Doing kinit for TESTADC1$@TESTDOM.TALPS 
to access testadc1.testdom.talps
cli_session_setup_spnego_send: Connect to testadc1.testdom.talps as 
TESTADC1$@TESTDOM.TALPS using SPNEGO
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
signed SMB2 message (sign_algo_id=2)
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Processing section "[global]"
Processing section "[sysvol]"
Processing section "[netlogon]"
pm_process() returned Yes
schema_fsmo_init: we are master[yes] updates allowed[no]
DSDB Change [Modify] at [Wed, 06 Sep 2023 18:40:28.046297 CEST] status 
[Success] remote host [Unknown] SID [S-1-5-18] DN [DC=testdom,DC=talps] 
attributes [replace: minPwdAge [0]]
{"timestamp": "2023-09-06T18:40:28.046428+0200", "type": "dsdbChange", 
"dsdbChange": {"version": {"major": 1, "minor": 0}, "statusCode": 0, 
"status": "Success", "operation": "Modify", "remoteAddress": null, 
"performedAsSystem": false, "userSid": "S-1-5-18", "dn": 
"DC=testdom,DC=talps", "transactionId": 
"66a336b7-9d1d-4dc1-aa64-5c0363dc0d49", "sessionId": 
"ef55011d-425b-4687-b6f9-f929bfc5eb29", "attributes": {"minPwdAge": 
{"actions": [{"action": "replace", "values": [{"value": "0"}]}]}}}}
descriptor_prepare_commit: changes: num_registrations=0
descriptor_prepare_commit: changes: num_registered=0
descriptor_prepare_commit: changes: num_toplevel=0
descriptor_prepare_commit: changes: num_processed=0
descriptor_prepare_commit: objects: num_processed=0
descriptor_prepare_commit: objects: num_skipped=0
DSDB Change [Modify] at [Wed, 06 Sep 2023 18:40:28.052847 CEST] status 
[Success] remote host [Unknown] SID [S-1-5-18] DN [DC=testdom,DC=talps] 
attributes [replace: maxPwdAge [864000000000]]
{"timestamp": "2023-09-06T18:40:28.052922+0200", "type": "dsdbChange", 
"dsdbChange": {"version": {"major": 1, "minor": 0}, "statusCode": 0, 
"status": "Success", "operation": "Modify", "remoteAddress": null, 
"performedAsSystem": false, "userSid": "S-1-5-18", "dn": 
"DC=testdom,DC=talps", "transactionId": 
"e51e13d3-0922-4142-a5a5-a115ed7e5183", "sessionId": 
"ef55011d-425b-4687-b6f9-f929bfc5eb29", "attributes": {"maxPwdAge": 
{"actions": [{"action": "replace", "values": [{"value": 
"864000000000"}]}]}}}}
descriptor_prepare_commit: changes: num_registrations=0
descriptor_prepare_commit: changes: num_registered=0
descriptor_prepare_commit: changes: num_toplevel=0
descriptor_prepare_commit: changes: num_processed=0
descriptor_prepare_commit: objects: num_processed=0
descriptor_prepare_commit: objects: num_skipped=0
DSDB Change [Modify] at [Wed, 06 Sep 2023 18:40:28.058667 CEST] status 
[Success] remote host [Unknown] SID [S-1-5-18] DN [DC=testdom,DC=talps] 
attributes [replace: minPwdLength [6]]
{"timestamp": "2023-09-06T18:40:28.058717+0200", "type": "dsdbChange", 
"dsdbChange": {"version": {"major": 1, "minor": 0}, "statusCode": 0, 
"status": "Success", "operation": "Modify", "remoteAddress": null, 
"performedAsSystem": false, "userSid": "S-1-5-18", "dn": 
"DC=testdom,DC=talps", "transactionId": 
"86efea8f-c624-455d-a7c8-2fd519389f73", "sessionId": 
"ef55011d-425b-4687-b6f9-f929bfc5eb29", "attributes": {"minPwdLength": 
{"actions": [{"action": "replace", "values": [{"value": "6"}]}]}}}}
descriptor_prepare_commit: changes: num_registrations=0
descriptor_prepare_commit: changes: num_registered=0
descriptor_prepare_commit: changes: num_toplevel=0
descriptor_prepare_commit: changes: num_processed=0
descriptor_prepare_commit: objects: num_processed=0
descriptor_prepare_commit: objects: num_skipped=0
2023-09-06 18:40:28.063|[E98506]| Failed to apply extension 
Centrify/CrontabEntries | {}
2023-09-06 18:40:28.063|[E86463]| Message was: NameError: cannot access 
free variable 'cron_dir' where it is not associated with a value in 
enclosing scope | {}
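
Added example, not part of the original message and not Samba code: a small Python check that reads `samba-gpupdate -d5` output like the log above, pulls out the `dsdbChange` JSON audit records and the "Failed to apply extension" lines, and reports which expected password-policy attributes were not written. The function names are hypothetical, the sample is a shortened excerpt of the log in this message, and it assumes mail line wrapping only falls between JSON tokens, as it does here.

```python
import json
import re

# Shortened excerpt of the samba-gpupdate -d5 output quoted in this message;
# the mail client's line wrapping is kept on purpose.
SAMPLE_LOG = '''\
DSDB Change [Modify] at [Wed, 06 Sep 2023 18:40:28.058667 CEST] status
[Success] remote host [Unknown] SID [S-1-5-18] DN [DC=testdom,DC=talps]
attributes [replace: minPwdLength [6]]
{"timestamp": "2023-09-06T18:40:28.058717+0200", "type": "dsdbChange",
"dsdbChange": {"version": {"major": 1, "minor": 0}, "statusCode": 0,
"status": "Success", "operation": "Modify", "remoteAddress": null,
"performedAsSystem": false, "userSid": "S-1-5-18", "dn":
"DC=testdom,DC=talps", "transactionId":
"86efea8f-c624-455d-a7c8-2fd519389f73", "sessionId":
"ef55011d-425b-4687-b6f9-f929bfc5eb29", "attributes": {"minPwdLength":
{"actions": [{"action": "replace", "values": [{"value": "6"}]}]}}}}
descriptor_prepare_commit: changes: num_registrations=0
2023-09-06 18:40:28.063|[E98506]| Failed to apply extension
Centrify/CrontabEntries | {}
2023-09-06 18:40:28.063|[E86463]| Message was: NameError: cannot access
free variable 'cron_dir' where it is not associated with a value in
enclosing scope | {}
'''

# Error id and extension name; \s+ spans the wrapped line break.
FAIL_RE = re.compile(r"\|\[(E\d+)\]\|\s*Failed to apply extension\s+(.+?)\s*\|")


def dsdb_changes(log):
    """Return one dict per attribute action found in dsdbChange JSON records."""
    decoder = json.JSONDecoder()
    found, pos = [], 0
    while (start := log.find('{"timestamp"', pos)) != -1:
        try:
            # raw_decode tolerates newlines between tokens, so wrapped
            # records parse without being re-joined first.
            record, pos = decoder.raw_decode(log, start)
        except json.JSONDecodeError:
            pos = start + 1          # damaged record: skip it and go on
            continue
        if record.get("type") != "dsdbChange":
            continue
        change = record["dsdbChange"]
        for attr, detail in change.get("attributes", {}).items():
            for act in detail.get("actions", []):
                found.append({
                    "dn": change.get("dn"),
                    "status": change.get("status"),
                    "attribute": attr,
                    "action": act.get("action"),
                    "values": [v.get("value") for v in act.get("values", [])],
                })
    return found


def failed_extensions(log):
    """Return (error id, extension name) for each extension that failed."""
    return [(m.group(1), m.group(2)) for m in FAIL_RE.finditer(log)]


def unapplied(log, expected):
    """Return expected attributes with no successful replace to that value."""
    applied = {(c["attribute"], v) for c in dsdb_changes(log)
               if c["status"] == "Success" and c["action"] == "replace"
               for v in c["values"]}
    return sorted(a for a, v in expected.items() if (a, v) not in applied)


if __name__ == "__main__":
    print(dsdb_changes(SAMPLE_LOG))
    print(failed_extensions(SAMPLE_LOG))
    print(unapplied(SAMPLE_LOG, {"minPwdLength": "6"}))
```
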




