[Samba] 'check password script' and Join...

Rowland Penny rpenny at samba.org
Tue Oct 24 15:27:02 UTC 2017

On Tue, 24 Oct 2017 16:58:49 +0200
Marco Gaiarin via samba <samba at lists.samba.org> wrote:

> Mandi! L.P.H. van Belle via samba
>   In chel di` si favelave...
> > Did you run the command  to disable the password check or
> > complexabilty on all you DC's?
> Oh, never minded about that. Sure.
> Instead of commenting 'check password script' i can do:
> 	samba-tool domain passwordsettings set --complexity=off
> sure! Thanks!
> But, why you say «on all you DC's»? The password policies are related
> to the domain, not to the single DC?

The password settings are related to the DC and by default you cannot
set or change a password if it isn't complex enough, you do not need to
use an external script.

> Or password policies are not ''replicated'' and have to be set on
> every DC?

> > That is needed. 
> Only for the join, right? After that, i can re-enable complexity
> checks, right?
> Or a domain with multiple DC ought to have '--complexity=off' (and use
> GPOs for password policy)?

Problem with using GPOs for password complexity, GPOs do not apply to
Samba DCs.


More information about the samba mailing list