[Samba] Removing password complexity requirements under Samba4

[Gregory Sloop]

MF> We had problems removing password complexity, and I noticed a lot of
MF> confusion on the list about exactly this topic. So I thought I would post
MF> our success.

MF> We're talking about a Samba4 PDC/AD here. Once we got Samba installed and
MF> provisioned, we used samba-tool from the command-line on the Samba box to
MF> change the domain password settings:

MF>    sudo samba-tool domain passwordsettings set --complexity=off
MF>    sudo samba-tool domain passwordsettings set --history-length=0
MF>    sudo samba-tool domain passwordsettings set --min-pwd-age=0
MF>    sudo samba-tool domain passwordsettings set --max-pwd-age=0

MF> Restarted Samba, did a gpupdate /force on the workstation, and it worked.
MF> No need to set up a GPO (although that would sometimes be preferable).

MF> We tried the samba-tool method initially, as well as a GPO, and were
MF> baffled when neither worked. I think we had our minumum password age at the
MF> default value (1 day) and were trying to reset the password the same day we
MF> created the accounts.

MF> In any case, we're able to change passwords with reckless abandon in our
MF> test environment at the moment.

MF> Mark

FYI Only:

One note, for the record. When you're doing the initial provision, and
are supplying the root/admin password for the domain, there is NOT a
way to reduce the complexity requirements for that operation. [Not
that you'd *want* your master domain admin password to be something
ridiculously lousy like "abc" or anything.]

But someone has asked about getting 'round it before.

If it really bothers someone, you can always meet the complexity
requirement during provision, then use the samba-tool as above, and
change it to "xyz" if that's what turns your crank. :)

-Greg