[Samba] Confusion about account locking policy (Samba AD/Windows 7 client)
Ole Traupe
ole.traupe at tu-berlin.de
Tue Dec 8 15:54:25 UTC 2015
Hi,
here on the wiki
https://wiki.samba.org/index.php/FAQ#Is_it_possible_to_set_user_specific_password_policies_in_Samba4_.28e._g._on_a_OU-base.29.3F
I read this:
"Is it possible to set user specific password policies in Samba4 (e.
g. on a OU-base)?
Samba can't handle GPO restrictions. You have to use 'samba-tool domain
passwordsettings' to change password policies. But this only applies on
domain level."
So, I have set my account lockout policy on the Samba4 DC to '5'
incorrect attempts. However, on a Windows 7 client it needs only 3
invalid attempts to get the account locked out (tested on 3 different
machines). And on domain join it seems only to need 1 invalid attempt.
What is the full story here?
Ole
More information about the samba
mailing list