[Samba] Removing password complexity requirements under Samba4
mark.fox at ecacs16.ab.ca
Fri Aug 9 14:42:25 MDT 2013
We had problems removing password complexity, and I noticed a lot of
confusion on the list about exactly this topic. So I thought I would post
We're talking about a Samba4 PDC/AD here. Once we got Samba installed and
provisioned, we used samba-tool from the command-line on the Samba box to
change the domain password settings:
sudo samba-tool domain passwordsettings set --complexity=off
sudo samba-tool domain passwordsettings set --history-length=0
sudo samba-tool domain passwordsettings set --min-pwd-age=0
sudo samba-tool domain passwordsettings set --max-pwd-age=0
Restarted Samba, did a gpupdate /force on the workstation, and it worked.
No need to set up a GPO (although that would sometimes be preferable).
We tried the samba-tool method initially, as well as a GPO, and were
baffled when neither worked. I think we had our minumum password age at the
default value (1 day) and were trying to reset the password the same day we
created the accounts.
In any case, we're able to change passwords with reckless abandon in our
test environment at the moment.
More information about the samba