[Samba] Domain password policy with Samba AD DC
Peter Milesson
miles at atmos.eu
Sat Aug 26 09:49:11 UTC 2023
Hi folks,
I just wonder why it is not possible to set domain password policies
with GPO, using the Windows RSAT Group Policy Manager? For most other
settings, using GPOs through RSAT works.
For somebody who sets up a Samba AD DC infrequently, this is a huge
trap. There should be a very visible warning on the AD DC setup wiki
page, that you *must* setup password policies with samba-tool, if you
plan to change the default password policies (which I assume most will
do). It should also be very clearly noted that it is not possible to do
this with RSAT (as lots of people will try that anyway). This warning
should also be displayed on the Group Policy wiki page. If there are
other GPO policies that can not be set with RSAT, those should also be
listed.
For those living with Samba daily, this may seem like nitpicking, but
for the administrator who wants to try Samba as an alternative to
Windows server, this could really be the brick wall that decides the
final decision.
I'm just setting up a test domain for pre implementation testing, and
stumbled on this problem. As I frequently read the Samba list, I had a
feeling that I had seen some posts about this problem. Searching old
posts, I found enough information to make further searches, which saved
the better part of a day.
IMHO, this is such a fundamental activity when setting up a new domain,
that it deserves to be clearly noted.
I wish everybody a nice day,
Peter
More information about the samba
mailing list