[Samba] Domain password policy with Samba AD DC

Rowland Penny rpenny at samba.org
Sat Aug 26 17:54:34 UTC 2023

On Sat, 26 Aug 2023 19:03:19 +0200
Peter Milesson via samba <samba at lists.samba.org> wrote:

> On 26.08.2023 18:13, Rowland Penny via samba wrote:
> > On Sat, 26 Aug 2023 18:02:44 +0200
> > Peter Milesson via samba <samba at lists.samba.org> wrote:
> >
> >> Hi Anantha,
> > Why do I get the feeling I missed something here ?
> >
> >> I now know (the hard way) that it's possible to manage the password
> >> policies with samba-tool. But through my futile trials and
> >> information on different web sites (very little documentation in
> >> the Samba wiki), it is evident that it's not possible using Group
> >> Policy Manager from the RSAT tool suite. IMHO, it's quite
> >> perplexing for a user that does not know Samba AD DC configuration
> >> extremely well.
> >>
> >> If you have got a workaround, allowing the use of the RSAT Group
> >> Policy Manager, I, and probably many other, would be happy to get
> >> some information how this is done.
> > Have you read this:
> >
> > https://dmulder.github.io/group-policy-book/sec.html
> >
> > Rowland
> >
> Hi Rowland,
> Thanks for the link. I will study it with interest.
> However, I'm setting up a Windows only test domain, the only Linux
> box is the Samba DC, and I will try using the RSAT tool suite as far
> as possible. Trying to set the password policies for the domain with
> the Windows GPME (logged in as domain\administrator), got me
> absolutely nowhere. Setting the policies using samba-tool worked.
> Reading through previous posts on the Samba list, the only way seems
> to be using samba-tool, unless I missed something essential. The ADMX
> templates both for Samba and for Windows 10 22H2 have been loaded.
> What I'm trying to point out, is that there isn't one word about
> setting GPOs in the Wiki page with instructions for setting up a AD
> DC. The book in the link definitely deserves to be mentioned on that
> page.
> I'm going to study the book, and see if I get it working with GPMC.
> Best regards,
> Peter

I do not use GPOs, so know little about them, not enough to even think
about altering the Samba wiki, but if you feel that something needs
changing, then please make any changes required.

The information I linked to was written by David Mulder,
who it would seem is the Samba GPO guru and he seems to think that
using the GPME works, if it doesn't, then this is probably a bug, so if
necessary, please open a bug report.


More information about the samba mailing list