[Samba] Samba PDC, OpenLDAP, and passwd chat

Adam Tauno Williams adamtaunowilliams at gmail.com
Wed Apr 2 19:37:01 GMT 2008

> "Your password must be at least 5 characters, cannot
> repeat any of your previous 0 passwords and must be at least 0 days
> old.  Please type a different password.  Type a password that meets
> these requirements in both text boxes."
> ...instead of the requirements set forth in OpenLDAP (minimum 6 chars,
> can't use previous 6 passwords, etc) as demonstrated below is an issue. 
> Where is it pulling these requirements from, 

The message comes from the security policy set on Samba via the pdbedit
command.  Setting a security policy via pdbedit is covered in the
pdbedit man page.

> and how can I get it to
> relay messages from OpenLDAP (e.g., the 'password fails quality
> checking' message) back to the user?

You can't.  Yes, this epically sucks.

I'd be *thrilled* to know if you come up with any universal way to
enforce password strength & re-use rules.  Currently I know of only one
- Active Directory. :(

Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org
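
Added example, not part of the original post: a read-only drift check that compares the Samba account policy (the source of the message, per the reply above) with the OpenLDAP values quoted in the question, minimum 6 characters and 6 remembered passwords. The function names, the `PDBEDIT` override and the `sample_pdbedit` stub are hypothetical, and the `value is: N` output format of `pdbedit -P` is an assumption.

```bash
#!/usr/bin/env bash
# Added example: report where Samba's account policy differs from the
# OpenLDAP password policy quoted in the thread. Nothing is modified.

# Desired values, taken from the quoted question (min 6 chars, history 6).
desired_policy() {
  printf '%s\n' 'min password length=6' 'password history=6'
}

# Extract the number from `pdbedit -P <name>` output read on stdin.
# Assumption: the tool prints a line ending in 'value is: N'.
policy_value() {
  sed -n 's/.*value is: \([0-9][0-9]*\)$/\1/p'
}

# Constructed stand-in for pdbedit, returning the values shown in the
# Windows message quoted above (5 characters, 0 previous passwords).
sample_pdbedit() {
  case "$2" in
    'min password length') v=5 ;;
    'password history')    v=0 ;;
    *) return 1 ;;
  esac
  printf 'account policy "%s" value is: %s\n' "$2" "$v"
}

# Current value of one policy; set PDBEDIT=sample_pdbedit to run offline.
current_value() {
  "${PDBEDIT:-pdbedit}" -P "$1" 2>/dev/null | policy_value
}

# Print the pdbedit command that would align each drifting policy.
policy_drift() {
  desired_policy | while IFS='=' read -r name want; do
    have=$(current_value "$name")
    if [ "$have" != "$want" ]; then
      printf 'pdbedit -P "%s" -C %s   # currently %s\n' \
        "$name" "$want" "${have:-unknown}"
    fi
  done
}
```

Calling `policy_drift` on the PDC prints one suggested `pdbedit` command per mismatched policy; this only makes Samba's own limits match the directory's and does not relay OpenLDAP's error text to the client.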
