[Samba] password complexity bypasswd by check password script

Francis francisd at gmail.com
Thu Feb 24 21:16:56 UTC 2022


I was wondering why my DC allowed users to set weak passwords even if the
domain password policy requires "complexity".

I'm using a "check password script" that verifies if the password is leaked
in the HIBP database. I found that defining a check password script REPLACE
completely the built-in password complexity check. The documentation is not
clear on this subject and I wonder if this is a bug or a feature. If this
is indeed a "feature", I suggest editing the documentation to make it more
clear as this can lead to failure to meet security policies.



More information about the samba mailing list