Bug 12413 - Password policy is ignored from GPO
Password policy is ignored from GPO
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
4.5.1
All All
: P5 normal
: ---
Assigned To: Andrew Bartlett
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-11-08 12:39 UTC by Petr Svec
Modified: 2016-11-08 17:54 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Petr Svec 2016-11-08 12:39:45 UTC
Global password settings in stored in Default Domain Policy (GPO) is ignored by Samba. When you change it, it would have no effect.

But when I change it via shell like: 
samba-tool domain passwordsettings set --min-pwd-age=0
or someting like else. That will work for samba and domain... but still it will have no effect to Default Domain Policy or some any other GPO.

That's confused. Because when I read same information via LDAP, I will get right values.
Comment 1 Andrew Bartlett 2016-11-08 17:54:18 UTC
Correct, this is a known issue.

Patches to cause Samba to respect group policy files were produced as part of a Google Summer of Code project, but sadly they still needed significant rework to be acceptable, and so have not been merged.