Our Homeland Security CISA advisor has advised setting our Windows domain passwords to a 16 character minumum as, according to her, pw lengths 14 or less are easily cracked but 16+ are extremely difficult. I was able to set the Windows Group Policy minimum password length to 16 characters, but when I do 'samba-tool domain passwordsettings show' it still shows Minimum password length: 8. The min=16 seems to work when Windows users change their passwords, but why is this not reflected in samba-tool? My Samba version is 4.8.2. Is that too old for this attribute? BTW - if anyone else wants to set Windows PW lengths greater than 14, here's the link on how to: https://learn.microsoft.com/en-us/answers/questions/187134/cannot-set-minimum-password-length-to-more-than-14 Thanks --Mark
Andrew Bartlett
2023-Jan-24 20:03 UTC
[Samba] Setting/Showing minimum password length > 14
On Tue, 2023-01-24 at 14:44 -0500, Mark Foley via samba wrote:> Our Homeland Security CISA advisor has advised setting our Windows > domain passwords to a 16 > character minumum as, according to her, pw lengths 14 or less are > easily cracked but 16+ are > extremely difficult. > > I was able to set the Windows Group Policy minimum password length to > 16 characters, but when I > do 'samba-tool domain passwordsettings show' it still shows Minimum > password length: 8. > > The min=16 seems to work when Windows users change their passwords, > but why is this not > reflected in samba-tool? My Samba version is 4.8.2. Is that too old > for this attribute?On a version that old, bad passwords are the least of your concerns. ;-) Newer versions can interpret the group policy values, as I understand it (look at David Mulder's work) but the traditional way to set these is via 'samba-tool domain passwordsettings set' which is supported and enforced. Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba Samba Development and Support, Catalyst IT - Expert Open Source Solutions