Univention Bugzilla – Bug 35997
Explain Samba 4 password policies
Last modified: 2020-07-02 17:19:54 CEST
It seems that the samba 4 password policies are not clear - we get tickets with relates questions quite often. Therefore we should explain the different policies (samba domain ldap object, samba-tool domain) in a short troubleshooting guide.
samba-tool domain passwordsettings show Password informations for domain 'DC=sunshine,DC=local' Password complexity: off Store plaintext passwords: off Password history length: 3 Minimum password length: 6 Minimum password age (days): 0 Maximum password age (days): 0 Account lockout duration (mins): 0 Account lockout threshold (attempts): 0 Reset account lockout after (mins): 30 -------------------------------------------------------------------------- udm policies/pwhistory list DN: cn=default-settings,cn=pwhistory,cn=users,cn=policies,dc=sunshine,dc=local ARG: None ldapFilter: None name: default-settings length: 3 expiryInterval: 70 pwQualityCheck: None pwLength: 8 ----------------------------------------------------------------------------
Online for now, but we need to make some more additions. A policy result should be added, because there could be different UDM-Policies with different LDAP-paths and thereby different users connected. univention-policy-result -w "$(ucr get ldap/hostdn)" -y /etc/machine.secret uid=user1,dc=sunshine,dc=local
Changes and improvements for SDB entries aren't tracked in Bugzilla anymore, so I close these entries. Please comment on help.univention.com or get in touch with the Univention Support team in case you have any suggestions for the SDB.