[Samba] AD Rules in Samba

Tue Apr 26 13:20:07 GMT 2005

>>>How can I create group policies in Active Directory using Samba 3? (Such as only
>>>allow three time incorrect login and ect.)
>>>      
>>>
>
>You can use pdbedit to establish password policies; lock out counts,
>expiration, minimum time to change, length, etc...
>  
>
Ah... but of course.  Thanks for catching my slip-up.  The information 
on this can be found in the pdbedit man page, these appear to be the 
relevant portions

     -P account-policy
          Display an account policy

          Valid policies are: minimum password age,  reset  count
          minutes,  disconnect  time,  user  must logon to change
          password, password history, lockout duration, min pass-
          word  length,  maximum password age and bad lockout at-
          tempt.

          Example: pdbedit -P "bad lockout attempt"

          account policy value for bad lockout attempt is 0

     -C account-policy-value
          Sets an account policy to a specified value.  This  op-
          tion  may  only  be used in conjunction with the -P op-
          tion.

          Example: pdbedit -P "bad lockout attempt" -C 3

          account policy value for bad lockout attempt was 0
          account policy value for bad lockout attempt is now 3

>>Are you saying that you are running an samba controlled domain and would 
>>like to make use of the GPO functionality like one would get in an AD 
>>domain?
>>If that is the case, you can't.  The closest you can get is using NT4 
>>style policies.
>>    
>>
>
>There was a statement that GPO *IS* possible in Samba 3.x;  but I
>haven't seen the documentation come forth.
>  
>
Really?  I thought this was excusively a samba4 thang.  My ears and mind 
are open...

-- 
Paul Gienger                    Office: 701-281-1884
Applied Engineering Inc.
Systems Architect               Fax:    701-281-1322
URL: www.ae-solutions.com       mailto: pgienger at ae-solutions.com