[Samba] Classic upgrade and forced password change...

Marco Gaiarin gaio at sv.lnf.it
Wed Jun 21 08:44:02 UTC 2017


I'm doing some test moving from a NT domain to ad AD domain, using
debian jessie samba (4.2) and obviously the 'classicupgrade' procedure.

In my setup i use(d) extensively some script to reset password to
users. I was (ab)used to have 'smbpasswd' behave differently if
executed by root, eg change the password without taking in
consideration password policy and check password scripts.

This seems not the case for AD mode (using 'gaio' as password):

 root at lupus:~# smbpasswd gaio
 New SMB password:
 Retype new SMB password:
 Failed to modify account record CN=gaio,CN=Users,DC=ad,DC=corsi,DC=sv,DC=lnf,DC=it to set user attributes: 0000052D: Constraint violation - check_password_restrictions: the password is too short. It should be equal or longer than 8 characters!
 Failed to modify entry for user gaio.

 root at lupus:~# samba-tool user setpassword gaio
 New Password: 
 ERROR: Failed to set password for user 'gaio': (19, '0000052D: Constraint violation - check_password_restrictions: the password is too short. It should be equal or longer than 8 characters!')

This is ''intended'', or is a bug of samba 4.2 version?


There's some way to circumvent it?


Thanks.

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)



More information about the samba mailing list