[Samba] Domain password policy with Samba AD DC
dmulder at samba.org
Wed Sep 6 11:51:03 UTC 2023
On 8/28/23 1:45 AM, Peter Milesson via samba wrote:
> Many thanks for the information. I guess, which of the methods for
> setting password policies depends on local conditions, and admin
> preferences and experience. In a mainly Windows oriented domain,
> setting things through the GPMC would be the preferred way, and in a
> mixed, or Linux oriented domain, with samba-tool.
The samba-tool command for setting password policies is simply setting
the same value that the GPME does. So it doesn't matter at all which you
use for this. You need to make sure you set the password policy on the
`Default Domain Controller Policy`. Then you need to enable group policy
on the *domain controller*, via the "apply group policies" setting, as
> What I pointed out in my original post was, the absence of information
> about GPO handling in the Samba wiki, when setting up a new AD DC.
> IMHO this information is absolutely essential for successful domain
> operations with Windows. Even in a fairly small domain with a Samba AD
> DC, a server (Samba or Windows), and a few workstations, operations
> will be quite impaired without applying at least a few essential GPOs.
> In my particular case, folder redirection, and a few other things. I
> couldn't imagine setting up the domain without GPOs, and it would end
> up in a horrible mess.
Sounds like a documentation issue. We should add these details to the
wiki page you were following.
> So, just a few lines and a link to the GPO wiki page in the
> instructions for setting up a Samba AD DC, will be sufficient. In the
> GPO wiki page, your information about the "apply group policies"
> should not be missing, as well as a link to David Mulder's GPO "bible"
> (https://dmulder.github.io/group-policy-book/sec.html), which Rowland
> kindly pointed out.
Labs Software Engineer, Samba
1221 S Valley Grove Way, Suite 500
Pleasant Grove, UT 84062
dmulder at suse.com
More information about the samba