[Samba] Confusion about account locking policy (Samba AD/Windows 7 client)
ole.traupe at tu-berlin.de
Tue Dec 8 15:54:25 UTC 2015
here on the wiki
I read this:
"Is it possible to set user specific password policies in Samba4 (e.
g. on a OU-base)?
Samba can't handle GPO restrictions. You have to use 'samba-tool domain
passwordsettings' to change password policies. But this only applies on
So, I have set my account lockout policy on the Samba4 DC to '5'
incorrect attempts. However, on a Windows 7 client it needs only 3
invalid attempts to get the account locked out (tested on 3 different
machines). And on domain join it seems only to need 1 invalid attempt.
What is the full story here?
More information about the samba