[Samba4] How do I activate/use AD Profiles?

Richard Hurt rnhurt at kangaroobox.com
Fri Feb 29 13:23:34 GMT 2008

On Feb 28, 2008, at 6:22 PM| Feb 28, 2008, Andrew Bartlett wrote:

> On Thu, 2008-02-28 at 12:38 -0500, Richard Hurt wrote:
>> I have installed and started playing with Samba4 and am having  
>> trouble
>> getting my GPO settings recognized.  For instance, I have tried to
>> remove all password restrictions from the whole domain by setting all
>> security settings to none or '0'.  I edit the "Default Domain Policy"
>> and edit Computer->Windows->Security->Account->Password policies to
>> the appropriate values.  Then I try to reset a password to 'p' but it
>> still tells me that I have not met the requirements, which seem to be
>> still set to the AD default.  I even issued a gpupdate.exe /force and
>> tried it on a different workstation.  I cant even create a new user
>> with a small password.
> Correct, Samba4 doesn't honour it's own group policy, just distributes
> them to windows clients.  The pwdProperties object in domain object in
> LDAP controls it for now.

Hmmm... this seems troubling.  I expected to be able to do basic  
things like control the password requirements.  Samba4 might not work  
out for me after all.  :(

>> I also tried to do other things, like set the title of IE 7, or run a
>> program on login, but nothing seems to work.  I get no errors while
>> editing the GPO or domain settings and everything seems to be working
>> fine.  Its just that the profiles don't get applied at all.  What  
>> am I
>> doing wrong?  I'm a newbie when it comes to both Samba and AD so its
>> likely that I am doing something stupid.  :)
> So far I've only used group policies to hide the recycle bin (which
> seems to work, after the right logout/login games).  What is the  
> client
> in this case?

I haven't tried to hide the recycle bin but I can give it a shot and  
see what happens.  :)  I have two machines in my lab; 1 XP SP2 & 1 Win  
2000.  Neither of them seem to take any of the settings I have tried  
so far.


More information about the samba-technical mailing list