[Samba] 'check password script' and Join...
Rowland Penny
rpenny at samba.org
Tue Oct 24 15:27:02 UTC 2017
On Tue, 24 Oct 2017 16:58:49 +0200
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! L.P.H. van Belle via samba
> In chel di` si favelave...
>
> > Did you run the command to disable the password check or
> > complexabilty on all you DC's?
>
> Oh, never minded about that. Sure.
> Instead of commenting 'check password script' i can do:
>
> samba-tool domain passwordsettings set --complexity=off
>
> sure! Thanks!
>
> But, why you say «on all you DC's»? The password policies are related
> to the domain, not to the single DC?
The password settings are related to the DC and by default you cannot
set or change a password if it isn't complex enough, you do not need to
use an external script.
> Or password policies are not ''replicated'' and have to be set on
> every DC?
>
>
> > That is needed.
>
> Only for the join, right? After that, i can re-enable complexity
> checks, right?
> Or a domain with multiple DC ought to have '--complexity=off' (and use
> GPOs for password policy)?
Problem with using GPOs for password complexity, GPOs do not apply to
Samba DCs.
Rowland
More information about the samba
mailing list