AD Rules in Samba

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

AD Rules in Samba

samba-22
Hi,

How can I create group policies in Active Directory using Samba 3? (Such as only
allow three time incorrect login and ect.)

Are there any pages that I can refer to.


Regards
---- Msg sent via ORANGEMAIL ----
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
Reply | Threaded
Open this post in threaded view
|

Re: AD Rules in Samba

Paul Gienger

>How can I create group policies in Active Directory using Samba 3? (Such as only
>allow three time incorrect login and ect.)
>  
>
Are you saying that you are running an samba controlled domain and would
like to make use of the GPO functionality like one would get in an AD
domain?

If that is the case, you can't.  The closest you can get is using NT4
style policies.

>Are there any pages that I can refer to.
>  
>
Please refer to the official books from www.samba.org.  They go into
some detail about using poledit and such.

--
Paul Gienger                    Office: 701-281-1884
Applied Engineering Inc.
Systems Architect               Fax:    701-281-1322
URL: www.ae-solutions.com       mailto: [hidden email]



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
Reply | Threaded
Open this post in threaded view
|

Re: AD Rules in Samba

Adam Tauno Williams
> >How can I create group policies in Active Directory using Samba 3? (Such as only
> >allow three time incorrect login and ect.)

You can use pdbedit to establish password policies; lock out counts,
expiration, minimum time to change, length, etc...

> Are you saying that you are running an samba controlled domain and would
> like to make use of the GPO functionality like one would get in an AD
> domain?
> If that is the case, you can't.  The closest you can get is using NT4
> style policies.

There was a statement that GPO *IS* possible in Samba 3.x;  but I
haven't seen the documentation come forth.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
Reply | Threaded
Open this post in threaded view
|

Re: AD Rules in Samba

Paul Gienger

>>>How can I create group policies in Active Directory using Samba 3? (Such as only
>>>allow three time incorrect login and ect.)
>>>      
>>>
>
>You can use pdbedit to establish password policies; lock out counts,
>expiration, minimum time to change, length, etc...
>  
>
Ah... but of course.  Thanks for catching my slip-up.  The information
on this can be found in the pdbedit man page, these appear to be the
relevant portions

     -P account-policy
          Display an account policy

          Valid policies are: minimum password age,  reset  count
          minutes,  disconnect  time,  user  must logon to change
          password, password history, lockout duration, min pass-
          word  length,  maximum password age and bad lockout at-
          tempt.

          Example: pdbedit -P "bad lockout attempt"

          account policy value for bad lockout attempt is 0

     -C account-policy-value
          Sets an account policy to a specified value.  This  op-
          tion  may  only  be used in conjunction with the -P op-
          tion.

          Example: pdbedit -P "bad lockout attempt" -C 3

          account policy value for bad lockout attempt was 0
          account policy value for bad lockout attempt is now 3

>>Are you saying that you are running an samba controlled domain and would
>>like to make use of the GPO functionality like one would get in an AD
>>domain?
>>If that is the case, you can't.  The closest you can get is using NT4
>>style policies.
>>    
>>
>
>There was a statement that GPO *IS* possible in Samba 3.x;  but I
>haven't seen the documentation come forth.
>  
>
Really?  I thought this was excusively a samba4 thang.  My ears and mind
are open...

--
Paul Gienger                    Office: 701-281-1884
Applied Engineering Inc.
Systems Architect               Fax:    701-281-1322
URL: www.ae-solutions.com       mailto: [hidden email]



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
Reply | Threaded
Open this post in threaded view
|

Re: AD Rules in Samba

Tony Earnshaw
In reply to this post by Paul Gienger
tir, 26.04.2005 kl. 14.57 skrev Paul Gienger:

> >How can I create group policies in Active Directory using Samba 3? (Such as only
> >allow three time incorrect login and ect.)
> >  
> >
> Are you saying that you are running an samba controlled domain and would
> like to make use of the GPO functionality like one would get in an AD
> domain?
>
> If that is the case, you can't.  The closest you can get is using NT4
> style policies.
>
> >Are there any pages that I can refer to.
> >  
> >
> Please refer to the official books from www.samba.org.  They go into
> some detail about using poledit and such.

Actually, that's not quite correct. There is at least one commercial
tool available for Samba that makes it possible to use mmc (the
Microsoft Management Console) and many of its snapins (especially Group
Policy, but some others work too) to write policy to netlogon and read
it in at user logon time. Obviously Samba has to support these :)

--Tonni

--
Nothing sucksseeds like a pigeon without a beak ...

mail: [hidden email]
http://www.billy.demon.nl
 
They'll love us, won't they? They feed us, don't they? ...

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
Reply | Threaded
Open this post in threaded view
|

Re: AD Rules in Samba

Schlomo Schapiro

On Tue, 26 Apr 2005, Tony Earnshaw wrote:

> Actually, that's not quite correct. There is at least one commercial
> tool available for Samba that makes it possible to use mmc (the
> Microsoft Management Console) and many of its snapins (especially Group
> Policy, but some others work too) to write policy to netlogon and read
> it in at user logon time. Obviously Samba has to support these :)

I have seen such a tool at the CeBIT last year - but they had a GPO-like
system that worked besides Samba, basically they re-implemented the GPO
stuff independantly of a Domain Controller.

--
Regards,
Schlomo
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba