[Samba] samba4 & kpasswd: refuses to change
Andrew Bartlett
abartlet at samba.org
Thu Aug 30 21:25:55 MDT 2012
On Thu, 2012-08-30 at 14:59 +0000, Thomas Mueller wrote:
> Am Thu, 30 Aug 2012 14:07:00 +0000 schrieb Thomas Mueller:
>
> > Am Thu, 30 Aug 2012 13:45:50 +0000 schrieb Thomas Mueller:
> >
> >
> >> # kpasswd Password for user at TEST.DOMAIN:
> >> Enter new password:
> >> Enter it again:
> >> Password change rejected: Password must be at least 7 characters long,
> >> and cannot match any of your 24 previous passwords
> >
> > OK, it's not a kpasswd problem. Changing the password from windows (ctrl
> > -
> > alt -del -> change password) brings up the same message.
> >
> > - Thomas
>
> and finally found the root cause:
>
> the default password policy is set to a minimal password age of 1 day
Samba generates that message, so if you want to patch
source4/kdc/kpasswd.c to give a better message, you would be most
welcome.
The restrictions are implemented in
source4/dsdb/samdb/ldb_modules/password_hash.c. We could either try and
send back a better string from there, or at least use the string sent
back already (without the windows error code on the front).
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba
mailing list