[Samba] Domain password policy with Samba AD DC
David Mulder
dmulder at samba.org
Thu Sep 7 14:43:57 UTC 2023
On 9/7/23 3:22 AM, Peter Milesson via samba wrote:
>
> Now, things seem to clear a bit.
>
> Yesterday, I could still set passwords with length = 4 characters.
> When letting everything "mature" overnight, the Default Domain Policy
> seems to apply. Now, a minimum of 6 characters are required, and when
> I run samba-tool domain passwordsettings, the parameter Minimum
> password length = 6.
>
> Everything seems to be working, except for the fact, that gpupdate
> /force in Windows does not immediately update the GPOs. If I run
> samba-gpupdate --force, the altered GPO takes effect immediately,
> however.
>
> So to summarize using GPME to update the GPO controlling password
> policies:
>
> *
>
> Add apply group policies = yes in smb.conf (restart samba-ad-dc
> service)
>
> *
>
> Log in as TESTDOM\\Administrator to a domain Windows PC with RSAT
> tools installed
>
> *
>
> Edit the GPO Default Domain Policy/Computer
> Configuration/Policies/Windows Settings/Security Settings/Account
> Policies/Password Policy with GPME and close the GPME and GPMC
>
> *
>
> (Don't bother running gpupdate /force in Windows, it's got no effect
> anyway)
>
> *
>
> If you want the changed GPO to take effekt immediately, run
> samba-gpupdate --force on the DC, otherwise wait anything from 90 -
> 120 minutes.
>
Peter, would you be willing the update the wiki with instructions that
helped you? You mentioned previously you were following some
instructions that didn't mention how to set this up.
--
David Mulder
Labs Software Engineer, Samba
SUSE
1221 S Valley Grove Way, Suite 500
Pleasant Grove, UT 84062
(P)+1 385.208.2989
dmulder at suse.com
http://www.suse.com
More information about the samba
mailing list