[Samba] Domain Controller GPO

Daniel Müller mueller at tropenklinik.de
Tue Apr 19 00:49:41 MDT 2011

Refer to my thread this list: HOWTO samba4 centos5.5 named dnsupdate drbd
simple failover

Password Policy Settings!!

Along with Samba4 the Password Policy you can only set from console, with 
'net  pwsettings ' command.
net  pwsettings  –help:

usage: (show | set <options>)

  -h, --help            show this help message and exit
  -H H                  LDB URL for database or target server
  --quiet               Be quiet
                        The password complexity (on | off | default).
                        is 'on'
                        The password history length (<integer> | default).
                        Default is 24.
                        The minimum password length (<integer> | default).
                        Default is 7.
                        The minimum password age (<integer in days> |
                        default).  Default is 1.
                        The maximum password age (<integer in days> |
                        default).  Default is 43.

  Samba Common Options:
    -s FILE, --configfile=FILE
                        Configuration file
    -d DEBUGLEVEL, --debuglevel=DEBUGLEVEL
                        debug level
    --option=OPTION     set smb.conf option from command line
    --realm=REALM       set the realm name

  Credentials Options:
                        DN to use for a simple bind
    -U USERNAME, --username=USERNAME
    -W WORKGROUP, --workgroup=WORKGROUP
    -N, --no-pass       Don't ask for a password
    -k KERBEROS, --kerberos=KERBEROS
                        Use Kerberos

  Version Options:
    --version           Display version number

So I set my Password Policy:

net  pwsettings  set –--complexity=off
net  pwsettings  set ---max-pwd-age=60 #<---60 Days
net  pwsettings  set –min-pwd-length=5

net  pwsettings  show:

[root at node1 ~]# net pwsettings show
Password informations for domain 'DC=tuebingen,DC=tst,DC=loc'

Password complexity: off
Password history length: 24
Minimum password length: 5
Minimum password age (days): 1

EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----Ursprüngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
Auftrag von Christophe Dezé
Gesendet: Dienstag, 19. April 2011 07:58
An: samba at lists.samba.org
Betreff: Re: [Samba] Domain Controller GPO

Le 18/04/2011 21:15, Ryan Leimenstoll a écrit :
> Hi All,
>    I am using Samba4 Alpha12, and i am trying to edit the password policy
> (which I believe is derived from the PDC's policy), but I am trying to
> figure out whether Samba4 can respond to GPOs. If It cannot, how would I
> define the password policy for the domain? Thanks.
it 's maybe because 4.0.0alpha12 - wasn't released


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list