[Samba] Confusion about account locking policy (Samba AD/Windows 7 client)
Andrew Bartlett
abartlet at samba.org
Wed Dec 9 09:03:52 UTC 2015
On Tue, 2015-12-08 at 17:45 +0100, mathias dufresne wrote:
> I just can't reply to your question as I have not this information. I
> don't
> know how Samba works, I've got feelings about how it works : )
> And as my MS world knowledge is just worst, I can't rely on it to
> tell you
> how Windows generate its passwords policy.
>
> How I think it works is:
> you configure password policy using samba-tool
> samba modifies the default domain policy (not tested, even if it's
> easy
> enough)
No, Samba neither reads nor writes group policy files.
> windows client get the new policy when gpupdate is launched or at
> boot time
> (because password policy is computer policy and this because there is
> nothing in Samba to manage that account by account)
No, the windows client doesn't know about domain controller policies,
and wouldn't have the right to lock out accounts even if it did.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list