[Samba] Classic upgrade and forced password change...
Rowland Penny
rpenny at samba.org
Wed Jun 21 09:15:36 UTC 2017
On Wed, 21 Jun 2017 10:44:02 +0200
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
>
> I'm doing some test moving from a NT domain to ad AD domain, using
> debian jessie samba (4.2) and obviously the 'classicupgrade'
> procedure.
You will probably be better off using a later version of Samba, 4.2 is
EOL as far as Samba is concerned. You can easily do this by going here:
http://apt.van-belle.nl/
>
> In my setup i use(d) extensively some script to reset password to
> users. I was (ab)used to have 'smbpasswd' behave differently if
> executed by root, eg change the password without taking in
> consideration password policy and check password scripts.
>
> This seems not the case for AD mode (using 'gaio' as password):
>
> root at lupus:~# smbpasswd gaio
> New SMB password:
> Retype new SMB password:
> Failed to modify account record
> CN=gaio,CN=Users,DC=ad,DC=corsi,DC=sv,DC=lnf,DC=it to set user
> attributes: 0000052D: Constraint violation -
> check_password_restrictions: the password is too short. It should be
> equal or longer than 8 characters! Failed to modify entry for user
> gaio.
>
> root at lupus:~# samba-tool user setpassword gaio
> New Password:
> ERROR: Failed to set password for user 'gaio': (19, '0000052D:
> Constraint violation - check_password_restrictions: the password is
> too short. It should be equal or longer than 8 characters!')
>
> This is ''intended'', or is a bug of samba 4.2 version?
>
>
> There's some way to circumvent it?
It all depends if you are trying to change the passwords after the new
AD domain is created, or during the upgrade.
If it is the later, then probably not, but if you are changing them once
the domain is up and running, you can use another samba-tool command:
samba-tool domain passwordsettings set --complexity=off
Rowland
More information about the samba
mailing list