[Samba] Samba Password Complexity Requirements
Rowland Penny
rpenny at samba.org
Fri Nov 18 20:03:13 UTC 2022
On 18/11/2022 19:52, Joseph Bell via samba wrote:
> Howdy.
>
> We utilize Samba as our “AD” domain controller/LDAP, and I’m required to provide for a SOC2 audit the following: “password complexity requirements, account lockouts, and minimum lengths”. I’m covered on the latter too, but
>
> https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_password_policies.html (not canonical I know) and https://wiki.samba.org/index.php/Password_Settings_Objects are a bit oblique as to what makes up a “complex” password. Are special symbols required? Use of one of more character classes (lowercase, numbers, uppercase, special symbols)?
>
> I then see “If you grep the codebase for 'msDS-ResultantPSO', you should find all the places that try to use it.” – will this lead me to the complexity requirements?
>
> Thanks for any assistance in trying to track these down, I’m surprised it’s not better documented as the question comes up frequently on audits!
>
> Yours,
> Joe
>
I would have thought that the google result for 'active directory
password complexity', which is about 4,170,000 results is well
documented ;-)
The Samba requirement for password complexity is the same as Microsoft AD.
Rowland
More information about the samba
mailing list