[Samba] samba4 & kpasswd: refuses to change

Andrew Bartlett abartlet at samba.org
Thu Aug 30 21:25:55 MDT 2012


On Thu, 2012-08-30 at 14:59 +0000, Thomas Mueller wrote:
> Am Thu, 30 Aug 2012 14:07:00 +0000 schrieb Thomas Mueller:
> 
> > Am Thu, 30 Aug 2012 13:45:50 +0000 schrieb Thomas Mueller:
> > 
> > 
> >> # kpasswd Password for user at TEST.DOMAIN:
> >> Enter new password:
> >> Enter it again:
> >> Password change rejected: Password must be at least 7 characters long,
> >> and cannot match any of your 24 previous passwords
> > 
> > OK, it's not a kpasswd problem. Changing the password from windows (ctrl
> > -
> > alt -del -> change password) brings up the same message.
> > 
> > - Thomas
> 
> and finally found the root cause:
> 
> the default password policy is set to a minimal password age of 1 day

Samba generates that message, so if you want to patch
source4/kdc/kpasswd.c to give a better message, you would be most
welcome.

The restrictions are implemented in
source4/dsdb/samdb/ldb_modules/password_hash.c.  We could either try and
send back a better string from there, or at least use the string sent
back already (without the windows error code on the front). 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org



More information about the samba mailing list