Can i set policy to linux client via samba 4 pdc

Andrew Bartlett abartlet at
Tue Nov 23 16:06:04 MST 2010

On Tue, 2010-11-23 at 23:28 +0330, hesam mohamadian wrote:
> hello Andrew and thanks for your reply can I set some policies to my
> linux client like password policy , and so on ... in some software
> such as LIKEWISE you can set policies  on your Linux machines can I do
> this via winbind and samba either ?
> in one site said : inorder to join linux to AD you have 2 choices 
> 1 - samba 
> or 
> 2- kerberos   
> for example in LIKEWISE you just need install kerberos on your linux
> machine inorder to join linux to AD 
> Thanks 

Both Samba and Likewise use kerberos libraries to provide the underlying
mechanism for joining Linux machines to AD.  However, while some folks
still foolishly suggest using pam_krb5 and nss_ldap as 'active directory
integration', this isn't a good idea.  Both Samba and Likewise provide
proper integration, understanding AD properly and integrating with it

I don't currently know how well Likewise works with Samba4, but Samba3
should work well. 

As regards your question:  It very much depends what policies you wish
to apply.  Password policy makes little sense - that whole point of
using Samba4 is to control passwords centrally, and so you should use
'samba-tool pwsettings' to control things like password expiration.

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the samba-technical mailing list