[Samba] Password complexity

Josh Kelley joshkel at gmail.com
Fri Nov 18 19:24:02 GMT 2005


I'm setting up password complexity requirements on our Samba server,
using the "check password script" option, the provided crackcheck.c
program, and the "min password length" account policy.  Everything
works; however, the error message that a Windows client gets when a
new password fails to pass crackcheck is not terribly helpful:

"Your password must be at least 8 characters, cannot repeat any of
your previous 0 passwords and must be at least 0 days old.  Please
type a different password.  Type a password which meets these
requirements in both text boxes."

By contrast, the error message that a Windows client gets when trying
to set a password that doesn't meet the password policy on a local
account is very verbose:

"The password supplied does not meet the minimum complexity
requirements.  Please select another password that meets all of the
following criteria: is at least 8 characters; has not been used in the
previous 0 passwords; must not have been changed within the past 0
days; does not contain your account or full name; contains at least
three of the following four character groups: English uppercase
characters (A through Z); English lowercase characters (a through z);
Numerals (0 through 9); Non-alphabetic characters (such as !, $, #,
%).  Type a password which meets these requirements in both text
boxes."

Is there any way to get the Samba server to give more descriptive
"your password is too simple" messages to the Windows client?

Josh Kelley


More information about the samba mailing list