[Samba4] How do I activate/use AD Profiles?

Andrew Bartlett abartlet at samba.org
Sat Mar 1 00:07:58 GMT 2008

On Fri, 2008-02-29 at 08:23 -0500, Richard Hurt wrote:
> On Feb 28, 2008, at 6:22 PM| Feb 28, 2008, Andrew Bartlett wrote:
> >
> > On Thu, 2008-02-28 at 12:38 -0500, Richard Hurt wrote:
> >> I have installed and started playing with Samba4 and am having  
> >> trouble
> >> getting my GPO settings recognized.  For instance, I have tried to
> >> remove all password restrictions from the whole domain by setting all
> >> security settings to none or '0'.  I edit the "Default Domain Policy"
> >> and edit Computer->Windows->Security->Account->Password policies to
> >> the appropriate values.  Then I try to reset a password to 'p' but it
> >> still tells me that I have not met the requirements, which seem to be
> >> still set to the AD default.  I even issued a gpupdate.exe /force and
> >> tried it on a different workstation.  I cant even create a new user
> >> with a small password.
> >
> > Correct, Samba4 doesn't honour it's own group policy, just distributes
> > them to windows clients.  The pwdProperties object in domain object in
> > LDAP controls it for now.
> Hmmm... this seems troubling.  I expected to be able to do basic  
> things like control the password requirements.  Samba4 might not work  
> out for me after all.  :(

I know you are disappointed, but this is exactly the kind of feedback I
wanted, and need.  

6 months ago, when the last person asked me about this, I promised that
I would make SWAT handle this.  I never did it.  When the new
python-based SWAT lands (jelmer has indicated that this was not
difficult to create), I'll create a simple web-based GUI to control

Would that be sufficient?

I don't expect to be reading group policies quite yet, but I certainly
won't stop someone proposing a patch.  (There are implementations of
'group policy on linux' out there). 

Andrew Bartlett
Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20080301/86ca946c/attachment.bin

More information about the samba-technical mailing list