On 18/11/2022 19:52, Joseph Bell via samba wrote:
> Howdy.
>
> We utilize Samba as our "AD" domain controller/LDAP, and I'm required to
> provide for a SOC2 audit the following: "password complexity requirements,
> account lockouts, and minimum lengths". I'm covered on the latter two, but
>
> https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_password_policies.html
> (not canonical I know) and
> https://wiki.samba.org/index.php/Password_Settings_Objects are a bit oblique as
> to what makes up a "complex" password. Are special symbols required? Use of
> one or more character classes (lowercase, numbers, uppercase, special symbols)?
>
> I then see "If you grep the codebase for 'msDS-ResultantPSO', you
> should find all the places that try to use it." - will this lead me to the
> complexity requirements?
>
> Thanks for any assistance in trying to track these down, I'm surprised it's
> not better documented as the question comes up frequently on audits!
>
> Yours,
> Joe
>
I would have thought that the google result for 'active directory
password complexity', which is about 4,170,000 results is well
documented ;-)
The Samba requirement for password complexity is the same as Microsoft AD.
Rowland