[Samba] password complexity bypasswd by check password script
Rowland Penny
rpenny at samba.org
Thu Feb 24 21:29:13 UTC 2022
On Thu, 2022-02-24 at 16:16 -0500, Francis via samba wrote:
> Hello,
>
> I was wondering why my DC allowed users to set weak passwords even if
> the
> domain password policy requires "complexity".
>
> I'm using a "check password script" that verifies if the password is
> leaked
> in the HIBP database. I found that defining a check password script
> REPLACE
> completely the built-in password complexity check.
How are you creating users, using 'samba-tool user add' requires the
username and password, so you could feed it the output of your 'check
password script' and if this password didn't meet the domain password
complexity, the user wouldn't be created.
Rowland
More information about the samba
mailing list