[Samba] Time synchronization and Password Policies
Anantha Raghava
raghav at exzatechconsulting.com
Tue Nov 21 03:40:32 UTC 2017
Hi,
We are running Samba-AD and all things are working absolutely fine.
However, two very specific issues observed one related to Windows
Clients (Members) automatically synchronizing the time with PDC emulator
and second password policies are not getting enforced.
/*Time Synchronization:*/
Normally, in totally Windows environment, when adding a windows PC (Or
server) to a domain as a member it automatically synchronizes its time
with PDC emulator. However in case of Samba-AD, we have to manually
synchronize the time with PDC emulator before making the Windows PC (Or
server) a member of domain. If the time difference between the Samba-AD
and Windows Client is more than 300 Seconds, the client, instead of
synchronizing the time with Samba-AD's PDC emulator, it throws the error
and stops. This behavior is observed with Windows XP, Windows 7, Windows
8 / 8.1, Windows 10 and all Windows Server editions.
Any specific setting we have to enable on the Samba-AD to automatically
synchronize the time while adding domain members?
/*Password Policies*/
Password policies are not getting enforced on the clients. Initially we
thought that we have to set those policies using "samba-tool user
passwordsettings" and not on Windows GPO. As this was not enforcing the
password policies, we set the GPO with the same settings. Yet the same
result. Password Policies are not getting applied.
We have three domain controllers in out environment.
Any guidance to set these right?
--
Thanks & Regards,
Anantha Raghava
Do not print this e-mail unless required. Save Paper & trees.
More information about the samba
mailing list