[Samba4] How do I activate/use AD Profiles?
abartlet at samba.org
Sat Mar 1 00:07:58 GMT 2008
On Fri, 2008-02-29 at 08:23 -0500, Richard Hurt wrote:
> On Feb 28, 2008, at 6:22 PM| Feb 28, 2008, Andrew Bartlett wrote:
> > On Thu, 2008-02-28 at 12:38 -0500, Richard Hurt wrote:
> >> I have installed and started playing with Samba4 and am having
> >> trouble
> >> getting my GPO settings recognized. For instance, I have tried to
> >> remove all password restrictions from the whole domain by setting all
> >> security settings to none or '0'. I edit the "Default Domain Policy"
> >> and edit Computer->Windows->Security->Account->Password policies to
> >> the appropriate values. Then I try to reset a password to 'p' but it
> >> still tells me that I have not met the requirements, which seem to be
> >> still set to the AD default. I even issued a gpupdate.exe /force and
> >> tried it on a different workstation. I cant even create a new user
> >> with a small password.
> > Correct, Samba4 doesn't honour it's own group policy, just distributes
> > them to windows clients. The pwdProperties object in domain object in
> > LDAP controls it for now.
> Hmmm... this seems troubling. I expected to be able to do basic
> things like control the password requirements. Samba4 might not work
> out for me after all. :(
I know you are disappointed, but this is exactly the kind of feedback I
wanted, and need.
6 months ago, when the last person asked me about this, I promised that
I would make SWAT handle this. I never did it. When the new
python-based SWAT lands (jelmer has indicated that this was not
difficult to create), I'll create a simple web-based GUI to control
Would that be sufficient?
I don't expect to be reading group policies quite yet, but I certainly
won't stop someone proposing a patch. (There are implementations of
'group policy on linux' out there).
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20080301/86ca946c/attachment.bin
More information about the samba-technical