[Samba] Domain password policy with Samba AD DC

[Peter Milesson]

On 26.08.2023 18:13, Rowland Penny via samba wrote:
> On Sat, 26 Aug 2023 18:02:44 +0200
> Peter Milesson via samba <samba at lists.samba.org> wrote:
>
>> Hi Anantha,
> Why do I get the feeling I missed something here ?
>
>> I now know (the hard way) that it's possible to manage the password
>> policies with samba-tool. But through my futile trials and
>> information on different web sites (very little documentation in the
>> Samba wiki), it is evident that it's not possible using Group Policy
>> Manager from the RSAT tool suite. IMHO, it's quite perplexing for a
>> user that does not know Samba AD DC configuration extremely well.
>>
>> If you have got a workaround, allowing the use of the RSAT Group
>> Policy Manager, I, and probably many other, would be happy to get
>> some information how this is done.
> Have you read this:
>
> https://dmulder.github.io/group-policy-book/sec.html
>
> Rowland
>
Hi Rowland,

Thanks for the link. I will study it with interest.

However, I'm setting up a Windows only test domain, the only Linux box 
is the Samba DC, and I will try using the RSAT tool suite as far as 
possible. Trying to set the password policies for the domain with the 
Windows GPME (logged in as domain\administrator), got me absolutely 
nowhere. Setting the policies using samba-tool worked. Reading through 
previous posts on the Samba list, the only way seems to be using 
samba-tool, unless I missed something essential. The ADMX templates both 
for Samba and for Windows 10 22H2 have been loaded.

What I'm trying to point out, is that there isn't one word about setting 
GPOs in the Wiki page with instructions for setting up a AD DC. The book 
in the link definitely deserves to be mentioned on that page.

I'm going to study the book, and see if I get it working with GPMC.

Best regards,

Peter