Web lists-archives.com

Re: [Samba] Classic upgrade and forced password change...




On Wed, 21 Jun 2017 10:44:02 +0200
Marco Gaiarin via samba <samba@xxxxxxxxxxxxxxx> wrote:

> 
> I'm doing some test moving from a NT domain to ad AD domain, using
> debian jessie samba (4.2) and obviously the 'classicupgrade'
> procedure.

You will probably be better off using a later version of Samba, 4.2 is
EOL as far as Samba is concerned. You can easily do this by going here:

http://apt.van-belle.nl/

> 
> In my setup i use(d) extensively some script to reset password to
> users. I was (ab)used to have 'smbpasswd' behave differently if
> executed by root, eg change the password without taking in
> consideration password policy and check password scripts.
> 
> This seems not the case for AD mode (using 'gaio' as password):
> 
>  root@lupus:~# smbpasswd gaio
>  New SMB password:
>  Retype new SMB password:
>  Failed to modify account record
> CN=gaio,CN=Users,DC=ad,DC=corsi,DC=sv,DC=lnf,DC=it to set user
> attributes: 0000052D: Constraint violation -
> check_password_restrictions: the password is too short. It should be
> equal or longer than 8 characters! Failed to modify entry for user
> gaio.
> 
>  root@lupus:~# samba-tool user setpassword gaio
>  New Password: 
>  ERROR: Failed to set password for user 'gaio': (19, '0000052D:
> Constraint violation - check_password_restrictions: the password is
> too short. It should be equal or longer than 8 characters!')
> 
> This is ''intended'', or is a bug of samba 4.2 version?
> 
> 
> There's some way to circumvent it?

It all depends if you are trying to change the passwords after the new
AD domain is created, or during the upgrade.

If it is the later, then probably not, but if you are changing them once
the domain is up and running, you can use another samba-tool command:

samba-tool domain passwordsettings set --complexity=off

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba