[Samba] Time synchronization and Password Policies

[Anantha Raghava]

Hi,

We are running Samba-AD and all things are working absolutely fine.

However, two very specific issues observed one related to Windows 
Clients (Members) automatically synchronizing the time with PDC emulator 
and second password policies are not getting enforced.

/*Time Synchronization:*/

Normally, in totally Windows environment, when adding a windows PC (Or 
server) to a domain as a member it automatically synchronizes its time 
with PDC emulator. However in case of Samba-AD, we have to manually 
synchronize the time with PDC emulator before making the Windows PC (Or 
server) a member of domain. If the time difference between the Samba-AD 
and Windows Client is more than 300 Seconds, the client, instead of 
synchronizing the time with Samba-AD's PDC emulator, it throws the error 
and stops. This behavior is observed with Windows XP, Windows 7, Windows 
8 / 8.1, Windows 10 and all Windows Server editions.

Any specific setting we have to enable on the Samba-AD to automatically 
synchronize the time while adding domain members?

/*Password Policies*/

Password policies are not getting enforced on the clients. Initially we 
thought that we have to set those policies using "samba-tool user 
passwordsettings" and not on Windows GPO. As this was not enforcing the 
password policies, we set the GPO with the same settings. Yet the same 
result. Password Policies are not getting applied.

We have three domain controllers in out environment.


Any guidance to set these right?

-- 

Thanks & Regards,


Anantha Raghava


Do not print this e-mail unless required. Save Paper & trees.