Hi everyone, I need an active directory instance with some non-standart policies to users passwords: 1) Group users minimal length is 6, Group Administrators 12 2) Should have special symbols (!#$) and numbers are required 3) Password must not be dictionary words or based on them ( no admin, user, sysop etc) 4) Each new password must differ to the old one by 50%. Can I do all those in samba ad? The thing bothering me is 1 and 3. Thanks in advance!
On Tue, 2015-06-02 at 08:46 +0300, Krutskikh Ivan wrote:> Hi everyone, > > I need an active directory instance with some non-standart policies to > users passwords: > > 1) Group users minimal length is 6, Group Administrators 12 > 2) Should have special symbols (!#$) and numbers are required > 3) Password must not be dictionary words or based on them ( no admin, user, > sysop etc) > 4) Each new password must differ to the old one by 50%. > > Can I do all those in samba ad? > > The thing bothering me is 1 and 3.Not currently, but a patch to hook back in the password policy check used in the 'classic' DC code would be very worthwhile. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Right... Can I step back and do this in classic DC mode? What drawbacks would I face? 2015-06-02 10:48 GMT+03:00 Andrew Bartlett <abartlet at samba.org>:> On Tue, 2015-06-02 at 08:46 +0300, Krutskikh Ivan wrote: > > Hi everyone, > > > > I need an active directory instance with some non-standart policies to > > users passwords: > > > > 1) Group users minimal length is 6, Group Administrators 12 > > 2) Should have special symbols (!#$) and numbers are required > > 3) Password must not be dictionary words or based on them ( no admin, > user, > > sysop etc) > > 4) Each new password must differ to the old one by 50%. > > > > Can I do all those in samba ad? > > > > The thing bothering me is 1 and 3. > > Not currently, but a patch to hook back in the password policy check > used in the 'classic' DC code would be very worthwhile. > > Andrew Bartlett > > -- > Andrew Bartlett http://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > Samba Developer, Catalyst IT > http://catalyst.net.nz/services/samba > > >