[Samba] Password complexity checks and local users...

Marco Gaiarin gaio at sv.lnf.it
Thu Jun 21 07:55:59 UTC 2018 

AFAI've understood 'samba-tool domain passwordsettings' set domain
password settings, while the GPO equivalent settings is for the client
(windows client and server os).

Currently i've enabled password complexity checks server side:

 root at vdcsv1:~# samba-tool domain passwordsettings show
 Password informations for domain 'DC=ad,DC=fvg,DC=lnf,DC=it'
 
 Password complexity: on
 Store plaintext passwords: off
 Password history length: 5
 Minimum password length: 8
 Minimum password age (days): 0
 Maximum password age (days): 90
 Account lockout duration (mins): 30
 Account lockout threshold (attempts): 5
 Reset account lockout after (mins): 5

mostly because i need custom policy (eg, a 'check password script').


But i've disabled them in GPO, but still local users (eg,
Administrator) seems have that policy applied:

	net user Administrator kaaPxvqEXW
	La password non soddisfa i requisiti dei Criteri di password. Verificare la lunghezza minima della password, la complessit\205 della password e i requisiti della cronologia della password.
	Ulteriori informazioni sono disponibili digitando NET HELPMSG 2245.

'net user Administrator' does not impact on 'Password history length'
(eg, i can set the same password), so the only things i can hit is the
'Password complexity', because the password does not contain
punctuation.

Nota that password like that are generated with a script
('winadminpassword'), and when the generated password have a punctuation
char, windows get the password as expected.


Someone have some clue?! Thanks.

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

More information about the samba mailing list