Bug 49656 - Better documentation for samba password requirement settings
Better documentation for samba password requirement settings
Status: NEW
Product: UCS
Classification: Unclassified
Component: Samba4
UCS 4.4
Other Linux
: P5 normal (vote)
: ---
Assigned To: Samba maintainers
Samba maintainers
:
: 49551 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-06-14 16:52 CEST by Jürn Brodersen
Modified: 2019-07-30 16:17 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.103
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jürn Brodersen univentionstaff 2019-06-14 16:52:45 CEST
Better documentation for samba password requirement settings

The documentation under:
https://docs.software-univention.de/manual.html#users:password:samba
suggest that these settings are only relevant for Windowsclients, but in my tests these were also used for the selfservice, the umc password change (in the hamburger menu) and passwd. I guess all of these use kerberos in some way?

It would be nice if password policies were working with samba, that would make this bug unnecessary :)

Previous discussions about that:
bug 35809
bug 38749
bug 45128
bug 42592
Comment 1 Jürn Brodersen univentionstaff 2019-06-14 17:00:41 CEST
*** Bug 49551 has been marked as a duplicate of this bug. ***
Comment 2 Arvid Requate univentionstaff 2019-06-17 13:49:19 CEST
> It would be nice if password policies were working with samba, that would make this bug unnecessary :)

There is a conceptual issue here: You can have multiple different UDM Password Policies, assigned to LDAP branches (but only a single one per DN) but Active Directory supports two types:

1. Domain Password Settings - Synchronized by S4-Connector with UDM object settings/sambadomain - But intrinsically incompatible with differential UDM policies.

2. Fine Grained Password Policies (FGPP) / Password Settings Objects (PSO) - Not (yet) synchronitzed with UDM Password Policies (See Bug 45128 Comment 2).