[Samba] Samba Password Complexity Requirements

Joseph Bell joe at iachieved.it
Fri Nov 18 20:06:19 UTC 2022

Thanks Rowland!  Given I use Samba I Google’d “samba password complexity requirements”, but now that I know there is parity between the two, mischief managed.

Complexity requirements typically require the password to include a mix of:

  *   Upper or lowercase letters (A through Z and a through z)
  *   Numeric characters (0–9)
  *   Non-alphanumeric characters like $, # or %
  *   No more than two symbols from the user's account name or display name.

I appreciate you pointing me in the right direction.

From: samba <samba-bounces at lists.samba.org> on behalf of Rowland Penny via samba <samba at lists.samba.org>
Date: Friday, November 18, 2022 at 2:03 PM
To: samba at lists.samba.org <samba at lists.samba.org>
Cc: Rowland Penny <rpenny at samba.org>
Subject: Re: [Samba] Samba Password Complexity Requirements

On 18/11/2022 19:52, Joseph Bell via samba wrote:
> Howdy.
> We utilize Samba as our “AD” domain controller/LDAP, and I’m required to provide for a SOC2 audit the following:  “password complexity requirements, account lockouts, and minimum lengths”.  I’m covered on the latter too, but
> https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_password_policies.html (not canonical I know) and https://wiki.samba.org/index.php/Password_Settings_Objects are a bit oblique as to what makes up a “complex” password.  Are special symbols required?  Use of one of more character classes (lowercase, numbers, uppercase, special symbols)?
> I then see “If you grep the codebase for 'msDS-ResultantPSO', you should find all the places that try to use it.” – will this lead me to the complexity requirements?
> Thanks for any assistance in trying to track these down, I’m surprised it’s not better documented as the question comes up frequently on audits!
> Yours,
> Joe

I would have thought that the google result for 'active directory
password complexity', which is about 4,170,000 results is well
documented ;-)

The Samba requirement for password complexity is the same as Microsoft AD.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list