[Samba] Confusion about account locking policy (Samba AD/Windows 7 client)

Ole Traupe ole.traupe at tu-berlin.de
Tue Dec 8 15:54:25 UTC 2015


here on the wiki
I read this:

    "Is it possible to set user specific password policies in Samba4 (e.
    g. on a OU-base)?

Samba can't handle GPO restrictions. You have to use 'samba-tool domain 
passwordsettings' to change password policies. But this only applies on 
domain level."

So, I have set my account lockout policy on the Samba4 DC to '5' 
incorrect attempts. However, on a Windows 7 client it needs only 3 
invalid attempts to get the account locked out (tested on 3 different 
machines). And on domain join it seems only to need 1 invalid attempt.

What is the full story here?


More information about the samba mailing list