Problem - changing passwords GPO in AD

Hello
I use Nethserver 7.
I have a problem with enforcing changing passwords using the GPO policy. I set my own password change policy and also changed the default policy in the GPO - unfortunately no response.
I use the Windows RSAT tool. Please help. What should I pay attention to?

What policy did you set exactly? How did you test it?

I have set
Password policies
Strong password policy for Users - zaznaczone (yes)
Password Expiration for Users - odznaczone (no)
The Maximum Password Age (30 days)
The Minimum Password Age (0 days)

TLS policy
default upstrem policy

Users ang group
Enable password expiration - yes

config getprop passwordstrength Users - strong
config getprop passwordstrength PassWarning - 7
config getprop passwordstrength MinPassAge - 0
config getprop passwordstrength MaxPassAge - 30

I set the GPO
Enforce password history - 10
Maximum password age - 2
Minimum password age - 1
Minimum password length - 8
Password must meet complexity requirements - enabled

I’m not sure I understood the issue. Please see if this Samba ML discussion can help

http://samba.2283325.n4.nabble.com/Samba4-and-group-policy-password-policy-td2456310.html

Samba does not honour group policy itself (it just hosts it for Windows
clients to apply locally.

We’re going to overcome this limitation with Samba 4.9 PSOs

https://wiki.samba.org/index.php/Password_Settings_Objects

1 Like

I also noticed the error in the tool samba-tool. how to solve it?

[root@ad1 bin]# ./samba-tool domain passwordsettings show
Traceback (most recent call last):
File “./samba-tool”, line 33, in
from samba.netcmd.main import cmd_sambatool
ImportError: No module named samba.netcmd.main

Samba AD DC runs in a Linux container, so you must prepend samba-tool invocations (and similar commands) with nsdc-run, like

nsdc-run -- samba-tool domain passwordsettings show
1 Like

thank you very much