[Samba] Strong Password Enforcement (Windows-side)

Cybr0t McWhulf cybre at killcybre.org
Thu Oct 2 20:25:31 GMT 2003

Before I begin, big thanks to John Terpstra for helping me out with my
previous issues.

But alas I have another issue, I need to enforce strong passwords on
windows side (i.e. ctrl+alt+delete change password), minimum password
length, can't be dictionary words, etc. etc.

(Setup is Samba 3.0.0 as PDC with LDAP passdb)

>From what I undersatnd previously this could've been done using
pam_smbpass or a policy pushed out from netlogon, but I'm dealing with a
mixed environment of 2k/XP, and I read that nt4 policies don't work with
XP.  And it would appear that when using ldap password sync it bypasses

Also I've seen alot about Group Policy Editor, but it seems that's only
useful if you're using AD.

Is this perhaps the direction pdbedit is going towards?  it would be quite
nifty to have a single command to edit (or generate) domain policies. It
seemed to work with altering the minimum password length, but it only goes so

Any suggestions / advice / heckling if I'm being an idiot would be

 -- Cybr0t McWhulf

More information about the samba mailing list