The Samba-Bugzilla – Bug 12413
Password policy is ignored from GPO
Last modified: 2016-11-08 17:54:18 UTC
Global password settings in stored in Default Domain Policy (GPO) is ignored by Samba. When you change it, it would have no effect.
But when I change it via shell like:
samba-tool domain passwordsettings set --min-pwd-age=0
or someting like else. That will work for samba and domain... but still it will have no effect to Default Domain Policy or some any other GPO.
That's confused. Because when I read same information via LDAP, I will get right values.
Correct, this is a known issue.
Patches to cause Samba to respect group policy files were produced as part of a Google Summer of Code project, but sadly they still needed significant rework to be acceptable, and so have not been merged.