We are performing tests to deploy a Univention UCS domain with samba Active Directory in our company and, to comply with a security normative, we need to activate the GPO "Display information about previous logons during user logon" found in "Computer Configuration > Administrative Templates > Windows Components > Windows Logon Options".
I have been testing but I can't get it to work correctly. The result I get is that, on the computers that I apply the GPO, during login it shows me an error and I can't log in. The error message is "Security policies on this computer are set to show info about the last interactive sign-in, but Windows couldn't retrieve that info. Contact your network administrator for help."
I have found on the internet that this policy only works with a domain functional level equal or higher than 2008, so this is not the problem, since samba-ad has a domain functional level of 2008 R2.
I also found that the policy must be applied to the domain controller for it to work correctly, but I have also tried it and I can't get it to work, I keep getting the same error.
Before trying Univention UCS we configured an Active Directory with samba4 on a Debian 11, but the result is the same.
Could someone tell me why this GPO is failing and how to fix it? And, in case it is not possible, how can I get something similar to what this policy does in some other way, such as through a script at login or similar?