Bug 49656 - Better documentation for samba password requirement settings
Summary: Better documentation for samba password requirement settings
Status: RESOLVED WONTFIX
Alias: None
Product: UCS
Classification: Unclassified
Component: Samba4
Version: UCS 4.4
Hardware: Other Linux
: P5 normal
Target Milestone: ---
Assignee: Samba maintainers
QA Contact: Samba maintainers
URL:
Keywords:
: 49551 (view as bug list)
Depends on:
Blocks:
 
Reported: 2019-06-14 16:52 CEST by Jürn Brodersen
Modified: 2024-06-27 12:10 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.103
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Customer ID:
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jürn Brodersen univentionstaff 2019-06-14 16:52:45 CEST 
Better documentation for samba password requirement settings

The documentation under:
https://docs.software-univention.de/manual.html#users:password:samba
suggest that these settings are only relevant for Windowsclients, but in my tests these were also used for the selfservice, the umc password change (in the hamburger menu) and passwd. I guess all of these use kerberos in some way?

It would be nice if password policies were working with samba, that would make this bug unnecessary :)

Previous discussions about that:
bug 35809
bug 38749
bug 45128
bug 42592
Comment 1 Jürn Brodersen univentionstaff 2019-06-14 17:00:41 CEST 
*** Bug 49551 has been marked as a duplicate of this bug. ***
Comment 2 Arvid Requate univentionstaff 2019-06-17 13:49:19 CEST 
> It would be nice if password policies were working with samba, that would make this bug unnecessary :)

There is a conceptual issue here: You can have multiple different UDM Password Policies, assigned to LDAP branches (but only a single one per DN) but Active Directory supports two types:

1. Domain Password Settings - Synchronized by S4-Connector with UDM object settings/sambadomain - But intrinsically incompatible with differential UDM policies.

2. Fine Grained Password Policies (FGPP) / Password Settings Objects (PSO) - Not (yet) synchronitzed with UDM Password Policies (See Bug 45128 Comment 2).
Comment 3 Jan-Luca Kiok univentionstaff 2024-06-27 12:10:34 CEST 
This issue has been filed against UCS 4.4.

UCS 4.4 is out of general maintenance and components may have vastly changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer versions, please use "Clone this bug" or reopen this issue. In this case please provide detailed information on how this issue is affecting you.