[Samba] Confusion about account locking policy (Samba AD/Windows 7 client)
mathias dufresne
infractory at gmail.com
Wed Dec 9 10:25:08 UTC 2015
Thank you Andrew for these clarifications.
2015-12-09 10:03 GMT+01:00 Andrew Bartlett <abartlet at samba.org>:
> On Tue, 2015-12-08 at 17:45 +0100, mathias dufresne wrote:
> > I just can't reply to your question as I have not this information. I
> > don't
> > know how Samba works, I've got feelings about how it works : )
> > And as my MS world knowledge is just worst, I can't rely on it to
> > tell you
> > how Windows generate its passwords policy.
> >
> > How I think it works is:
> > you configure password policy using samba-tool
> > samba modifies the default domain policy (not tested, even if it's
> > easy
> > enough)
>
> No, Samba neither reads nor writes group policy files.
>
> > windows client get the new policy when gpupdate is launched or at
> > boot time
> > (because password policy is computer policy and this because there is
> > nothing in Samba to manage that account by account)
>
> No, the windows client doesn't know about domain controller policies,
> and wouldn't have the right to lock out accounts even if it did.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Catalyst IT
> http://catalyst.net.nz/services/samba
>
>
>
>
More information about the samba
mailing list