[Samba] Samba Password Complexity Requirements
Joseph Bell
joe at iachieved.it
Fri Nov 18 20:06:19 UTC 2022
Thanks Rowland! Given I use Samba I Google’d “samba password complexity requirements”, but now that I know there is parity between the two, mischief managed.
Complexity requirements typically require the password to include a mix of:
* Upper or lowercase letters (A through Z and a through z)
* Numeric characters (0–9)
* Non-alphanumeric characters like $, # or %
* No more than two symbols from the user's account name or display name.
I appreciate you pointing me in the right direction.
Joe
From: samba <samba-bounces at lists.samba.org> on behalf of Rowland Penny via samba <samba at lists.samba.org>
Date: Friday, November 18, 2022 at 2:03 PM
To: samba at lists.samba.org <samba at lists.samba.org>
Cc: Rowland Penny <rpenny at samba.org>
Subject: Re: [Samba] Samba Password Complexity Requirements
On 18/11/2022 19:52, Joseph Bell via samba wrote:
> Howdy.
>
> We utilize Samba as our “AD” domain controller/LDAP, and I’m required to provide for a SOC2 audit the following: “password complexity requirements, account lockouts, and minimum lengths”. I’m covered on the latter two, but
>
> https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_password_policies.html (not canonical I know) and https://wiki.samba.org/index.php/Password_Settings_Objects are a bit oblique as to what makes up a “complex” password. Are special symbols required? Use of one or more character classes (lowercase, numbers, uppercase, special symbols)?
>
> I then see “If you grep the codebase for 'msDS-ResultantPSO', you should find all the places that try to use it.” – will this lead me to the complexity requirements?
>
> Thanks for any assistance in trying to track these down, I’m surprised it’s not better documented as the question comes up frequently on audits!
>
> Yours,
> Joe
>
I would have thought that the google result for 'active directory
password complexity', which is about 4,170,000 results is well
documented ;-)
The Samba requirement for password complexity is the same as Microsoft AD.
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
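
Added example, not part of the thread and not Samba project code: a small audit check for the three controls named in the original question (complexity, minimum length, account lockout), reading the text printed by `samba-tool domain passwordsettings show`. The sample output is constructed and its layout is assumed, the minimum length of 7 is a hypothetical baseline, and only the domain-wide settings are checked, not any Password Settings Objects that override them.

```shell
#!/bin/sh
# Constructed sample in the layout assumed for
# `samba-tool domain passwordsettings show` (values are illustrative).
sample_settings() {
cat <<'EOF'
Password information for domain 'DC=samdom,DC=example,DC=com'

Password complexity: on
Minimum password length: 7
Account lockout duration (mins): 30
Account lockout threshold (attempts): 0
Reset account lockout after (mins): 30
EOF
}

# get_setting LABEL: print the value that follows "LABEL: " on stdin.
get_setting() {
    awk -F': ' -v key="$1" '$1 == key { print $2; exit }'
}

# is_uint VALUE: succeed only for a non-empty string of digits.
is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# audit_policy MIN_LEN: one PASS/FAIL line per control; non-zero on any FAIL.
audit_policy() {
    required=$1; settings=$(cat); rc=0
    complexity=$(printf '%s\n' "$settings" | get_setting 'Password complexity')
    min_len=$(printf '%s\n' "$settings" | get_setting 'Minimum password length')
    lockout=$(printf '%s\n' "$settings" | get_setting 'Account lockout threshold (attempts)')

    if [ "$complexity" = on ]; then echo "PASS complexity=on"
    else echo "FAIL complexity=${complexity:-missing}"; rc=1; fi

    if is_uint "$min_len" && [ "$min_len" -ge "$required" ]; then
        echo "PASS min_length=$min_len (required >= $required)"
    else echo "FAIL min_length=${min_len:-missing} (required >= $required)"; rc=1; fi

    # A lockout threshold of 0 means accounts are never locked out.
    if is_uint "$lockout" && [ "$lockout" -gt 0 ]; then
        echo "PASS lockout_threshold=$lockout"
    else echo "FAIL lockout_threshold=${lockout:-missing} (0 disables lockout)"; rc=1; fi
    return $rc
}

# On a DC: samba-tool domain passwordsettings show | audit_policy 7
sample_settings | audit_policy 7 || echo "policy does not meet the baseline"
```

A missing or non-numeric value is reported as a FAIL rather than skipped, so a change in the tool's output wording shows up in the audit instead of passing silently.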