[Samba] Samba Password Complexity Requirements

Rowland Penny rpenny at samba.org
Fri Nov 18 20:03:13 UTC 2022

On 18/11/2022 19:52, Joseph Bell via samba wrote:
> Howdy.
> We utilize Samba as our “AD” domain controller/LDAP, and I’m required to provide for a SOC2 audit the following: “password complexity requirements, account lockouts, and minimum lengths”. I’m covered on the latter two, but
> https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_password_policies.html (not canonical I know) and https://wiki.samba.org/index.php/Password_Settings_Objects are a bit oblique as to what makes up a “complex” password. Are special symbols required? Use of one or more character classes (lowercase, numbers, uppercase, special symbols)?
> I then see “If you grep the codebase for 'msDS-ResultantPSO', you should find all the places that try to use it.” – will this lead me to the complexity requirements?
> Thanks for any assistance in trying to track these down, I’m surprised it’s not better documented as the question comes up frequently on audits!
> Yours,
> Joe

I would have thought that the Google result for 'active directory 
password complexity', which is about 4,170,000 results, is well 
documented ;-)

The Samba requirement for password complexity is the same as Microsoft AD.

