Bug 12413 - Password policy is ignored from GPO
Summary: Password policy is ignored from GPO
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.5.1
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
Depends on:
Reported: 2016-11-08 12:39 UTC by Petr Svec
Modified: 2020-08-24 17:08 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Petr Svec 2016-11-08 12:39:45 UTC
Global password settings in stored in Default Domain Policy (GPO) is ignored by Samba. When you change it, it would have no effect.

But when I change it via shell like: 
samba-tool domain passwordsettings set --min-pwd-age=0
or someting like else. That will work for samba and domain... but still it will have no effect to Default Domain Policy or some any other GPO.

That's confused. Because when I read same information via LDAP, I will get right values.
Comment 1 Andrew Bartlett 2016-11-08 17:54:18 UTC
Correct, this is a known issue.

Patches to cause Samba to respect group policy files were produced as part of a Google Summer of Code project, but sadly they still needed significant rework to be acceptable, and so have not been merged.
Comment 2 David Mulder 2020-08-24 17:08:34 UTC
The patches to fix this have been merged.