[Samba] Password complexity checks and local users...
Marco Gaiarin
gaio at sv.lnf.it
Thu Jun 21 07:55:59 UTC 2018
AFAI've understood 'samba-tool domain passwordsettings' set domain
password settings, while the GPO equivalent settings is for the client
(windows client and server os).
Currently i've enabled password complexity checks server side:
root at vdcsv1:~# samba-tool domain passwordsettings show
Password informations for domain 'DC=ad,DC=fvg,DC=lnf,DC=it'
Password complexity: on
Store plaintext passwords: off
Password history length: 5
Minimum password length: 8
Minimum password age (days): 0
Maximum password age (days): 90
Account lockout duration (mins): 30
Account lockout threshold (attempts): 5
Reset account lockout after (mins): 5
mostly because i need custom policy (eg, a 'check password script').
But i've disabled them in GPO, but still local users (eg,
Administrator) seems have that policy applied:
net user Administrator kaaPxvqEXW
La password non soddisfa i requisiti dei Criteri di password. Verificare la lunghezza minima della password, la complessit\205 della password e i requisiti della cronologia della password.
Ulteriori informazioni sono disponibili digitando NET HELPMSG 2245.
'net user Administrator' does not impact on 'Password history length'
(eg, i can set the same password), so the only things i can hit is the
'Password complexity', because the password does not contain
punctuation.
Nota that password like that are generated with a script
('winadminpassword'), and when the generated password have a punctuation
char, windows get the password as expected.
Someone have some clue?! Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list