[Samba] Samba Password Complexity Requirements

Joseph Bell joe at iachieved.it
Fri Nov 18 19:52:57 UTC 2022


We utilize Samba as our “AD” domain controller/LDAP, and I’m required to provide for a SOC2 audit the following: “password complexity requirements, account lockouts, and minimum lengths”. I’m covered on the latter two, but https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_password_policies.html (not canonical, I know) and https://wiki.samba.org/index.php/Password_Settings_Objects are a bit oblique as to what makes up a “complex” password. Are special symbols required? Use of one or more character classes (lowercase, numbers, uppercase, special symbols)?

I then see “If you grep the codebase for 'msDS-ResultantPSO', you should find all the places that try to use it.” – will this lead me to the complexity requirements?

Thanks for any assistance in trying to track these down, I’m surprised it’s not better documented as the question comes up frequently on audits!

