[Samba] 'check password script' and Join...
Marco Gaiarin
gaio at sv.lnf.it
Tue Oct 24 16:07:23 UTC 2017
Mandi! Rowland Penny via samba
In chel di` si favelave...
> The password settings are related to the DC and by default you cannot
> set or change a password if it isn't complex enough
Ok.
>, you do not need to use an external script.
Ahem, someone out there need it. ;-)
This mean that, if i keep a 'check password script', i could also hit
some trubles on, eg, workstation join or the renew of the machine
password?
> Problem with using GPOs for password complexity, GPOs do not apply to
> Samba DCs.
Ok, i mean that: i can setup password policies on GPOs, but the DCs
cannot ''enforce'' it.
So, trying to summarize:
a) 'check password script' are called for every password change, also
the ''system'' one (join, ...); this can be a potential source of
trouble.
b) password policies defined with 'samba-tool domain passwordsettings
set' are ''per DCs'', they not get ''replicated''.
c) if you need to enforce password policies in a domain, you have to
set password policies for every DCs.
Right? Thanks.
PS: and domain members? How they enforce passwords policies? Directly
on AD DC, i suppose... but i'll ask. ;-)
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list