[Samba] Confusion about account locking policy (Samba AD/Windows 7 client)

Andrew Bartlett abartlet at samba.org
Wed Dec 9 09:03:52 UTC 2015

On Tue, 2015-12-08 at 17:45 +0100, mathias dufresne wrote:
> I just can't reply to your question as I have not this information. I
> don't
> know how Samba works, I've got feelings about how it works : )
> And as my MS world knowledge is just worst, I can't rely on it to
> tell you
> how Windows generate its passwords policy.
> How I think it works is:
> you configure password policy using samba-tool
> samba modifies the default domain policy (not tested, even if it's
> easy
> enough)

No, Samba neither reads nor writes group policy files.  

> windows client get the new policy when gpupdate is launched or at
> boot time
> (because password policy is computer policy and this because there is
> nothing in Samba to manage that account by account)

No, the windows client doesn't know about domain controller policies,
and wouldn't have the right to lock out accounts even if it did.

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list