[Samba] Domain password policy with Samba AD DC
David Mulder
dmulder at samba.org
Wed Sep 6 16:59:29 UTC 2023
So, now I'm confused. This output shows it working exactly as intended.
The rsop shows that you set the following policy on the sysvol:
> samba-gpupdate --rsop --target=Computer
>
> Resultant Set of Policy
> Computer Policy
>
> GPO: Default Domain Policy
> ================================================================================================================================
>
> CSE: gp_access_ext
> ----------------------------------------------------------------
> Policy Type: System Access
> ----------------------------------------------------------------
> [ MinimumPasswordAge ] = 0
> [ MaximumPasswordAge ] = -1
> [ MinimumPasswordLength ] = 6
> ----------------------------------------------------------------
> ----------------------------------------------------------------
And forcing the policy to apply shows that it clearly (well, maybe not
so clearly) did what you asked it to do:
> samba-gpupdate -d5 --force --target=Computer
>
> DSDB Change [Modify] at [Wed, 06 Sep 2023 18:40:28.046297 CEST] status
> [Success] remote host [Unknown] SID [S-1-5-18] DN
> [DC=testdom,DC=talps] attributes [replace: minPwdAge [0]]
> {"timestamp": "2023-09-06T18:40:28.046428+0200", "type": "dsdbChange",
> "dsdbChange": {"version": {"major": 1, "minor": 0}, "statusCode": 0,
> "status": "Success", "operation": "Modify", "remoteAddress": null,
> "performedAsSystem": false, "userSid": "S-1-5-18", "dn":
> "DC=testdom,DC=talps", "transactionId":
> "66a336b7-9d1d-4dc1-aa64-5c0363dc0d49", "sessionId":
> "ef55011d-425b-4687-b6f9-f929bfc5eb29", "attributes": {"minPwdAge":
> {"actions": [{"action": "replace", "values": [{"value": "0"}]}]}}}}
>
> DSDB Change [Modify] at [Wed, 06 Sep 2023 18:40:28.052847 CEST] status
> [Success] remote host [Unknown] SID [S-1-5-18] DN
> [DC=testdom,DC=talps] attributes [replace: maxPwdAge [864000000000]]
> {"timestamp": "2023-09-06T18:40:28.052922+0200", "type": "dsdbChange",
> "dsdbChange": {"version": {"major": 1, "minor": 0}, "statusCode": 0,
> "status": "Success", "operation": "Modify", "remoteAddress": null,
> "performedAsSystem": false, "userSid": "S-1-5-18", "dn":
> "DC=testdom,DC=talps", "transactionId":
> "e51e13d3-0922-4142-a5a5-a115ed7e5183", "sessionId":
> "ef55011d-425b-4687-b6f9-f929bfc5eb29", "attributes": {"maxPwdAge":
> {"actions": [{"action": "replace", "values": [{"value":
> "864000000000"}]}]}}}}
>
> DSDB Change [Modify] at [Wed, 06 Sep 2023 18:40:28.058667 CEST] status
> [Success] remote host [Unknown] SID [S-1-5-18] DN
> [DC=testdom,DC=talps] attributes [replace: minPwdLength [6]]
> {"timestamp": "2023-09-06T18:40:28.058717+0200", "type": "dsdbChange",
> "dsdbChange": {"version": {"major": 1, "minor": 0}, "statusCode": 0,
> "status": "Success", "operation": "Modify", "remoteAddress": null,
> "performedAsSystem": false, "userSid": "S-1-5-18", "dn":
> "DC=testdom,DC=talps", "transactionId":
> "86efea8f-c624-455d-a7c8-2fd519389f73", "sessionId":
> "ef55011d-425b-4687-b6f9-f929bfc5eb29", "attributes": {"minPwdLength":
> {"actions": [{"action": "replace", "values": [{"value": "6"}]}]}}}}
>
Note the `replace: minPwdAge [0]`, `replace: maxPwdAge [864000000000]`
(-1), and `replace: minPwdLength [6]`.
This is working as intended, as far as I can tell. So, what's the
problem that I'm not understanding?
--
David Mulder
Labs Software Engineer, Samba
SUSE
1221 S Valley Grove Way, Suite 500
Pleasant Grove, UT 84062
(P)+1 385.208.2989
dmulder at suse.com
http://www.suse.com
More information about the samba
mailing list