[Samba] Samba 4.19.2: "Unwilling to perform" password change
Andrew Bartlett
abartlet at samba.org
Mon Dec 18 01:01:04 UTC 2023
On Sat, 2023-12-16 at 20:28 +0000, Rowland Penny via samba wrote:
> On Sat, 16 Dec 2023 14:29:06 -0500
> Joshua Kramer via samba <
> samba at lists.samba.org
> > wrote:
>
> > Hello All,
> >
> > I have a custom built version of Samba 4.19.2 running on Rocky
> > Linux
> > 9. When I attempt to change a password via LDAP, I get an error,
> > "Unwilling to Perform". In Google searches I found that this is
> > due
> > to password complexity requirements.
>
> The password complexity isn't the problem, the problem is that you
> cannot change the unicode password over ldap, you have to use ssl
> (ldaps).
Or Kerberos/NTLM encryption, but these are harder to do with most
tools.
We did this to avoid exposure of the new passwords over LDAP. We
perhaps should have allowed for the equally insecure "ldap server
require strong auth = no" but honestly I would prefer folks didn't do
that either.
We now match Windows behaviour.
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead https://catalyst.net.nz/services/samba
Catalyst.Net Ltd
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions
More information about the samba
mailing list