Problem - changing passwords GPO in AD

I use Nethserver 7.
I have a problem with enforcing changing passwords using the GPO policy. I set my own password change policy and also changed the default policy in the GPO - unfortunately no response.
I use the Windows RSAT tool. Please help. What should I pay attention to?

What policy did you set exactly? How did you test it?

I have set
Password policies
Strong password policy for Users - zaznaczone (yes)
Password Expiration for Users - odznaczone (no)
The Maximum Password Age (30 days)
The Minimum Password Age (0 days)

TLS policy
default upstrem policy

Users ang group
Enable password expiration - yes

config getprop passwordstrength Users - strong
config getprop passwordstrength PassWarning - 7
config getprop passwordstrength MinPassAge - 0
config getprop passwordstrength MaxPassAge - 30

I set the GPO
Enforce password history - 10
Maximum password age - 2
Minimum password age - 1
Minimum password length - 8
Password must meet complexity requirements - enabled

I’m not sure I understood the issue. Please see if this Samba ML discussion can help

Samba does not honour group policy itself (it just hosts it for Windows
clients to apply locally.

We’re going to overcome this limitation with Samba 4.9 PSOs

1 Like

I also noticed the error in the tool samba-tool. how to solve it?

[root@ad1 bin]# ./samba-tool domain passwordsettings show
Traceback (most recent call last):
File “./samba-tool”, line 33, in
from samba.netcmd.main import cmd_sambatool
ImportError: No module named samba.netcmd.main

Samba AD DC runs in a Linux container, so you must prepend samba-tool invocations (and similar commands) with nsdc-run, like

nsdc-run -- samba-tool domain passwordsettings show
1 Like

thank you very much