samba - Jun 2017 - Classic upgrade and forced password change...

Mandi! Rowland Penny via samba
  In chel di` si favelave...
> Not if you turn the various complexity rules off, but I cannot
> understand just what you have against complex passwords.
Absolutely nothing against complex password, i'm a bit worried about
complex INITIAL password... ;-)

> You can do this, you just cannot use a simple password unless you turn
> password complexity off.
[...]
> This is down to '--history-length' in the complexity settings
[...]
> as root on DC:
> samba-tool user setpassword user1
OK. To be totally clear: the only way to set 'dumb' password in
samba/AD, is to disable all password complexity checks (for all users
of the domain), change the password, and then reenable them.

Right?

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''         
http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

On Thu, 22 Jun 2017 12:35:31 +0200
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! Rowland Penny via samba
>   In chel di` si favelave...
> 
> > Not if you turn the various complexity rules off, but I cannot
> > understand just what you have against complex passwords.
> 
> Absolutely nothing against complex password, i'm a bit worried about
> complex INITIAL password... ;-)
Still don't understand, what is wrong with setting a complex password
if the user will be forced to change it ?
> 
> 
> > You can do this, you just cannot use a simple password unless you
> > turn password complexity off.
> [...]
> > This is down to '--history-length' in the complexity settings
> [...]
> > as root on DC:
> > samba-tool user setpassword user1
> 
> OK. To be totally clear: the only way to set 'dumb' password in
> samba/AD, is to disable all password complexity checks (for all users
> of the domain), change the password, and then reenable them.
> 
> Right?
Correct, you can either have complex passwords for all users, or you
can have simple passwords for all users. You cannot have complex
passwords for some users and simple passwords for others.

Rowland
>

Mandi! Rowland Penny via samba
  In chel di` si favelave...
> > Absolutely nothing against complex password, i'm a bit worried
about
> > complex INITIAL password... ;-)
> Still don't understand, what is wrong with setting a complex password
> if the user will be forced to change it ?
Nothing wrong, simply using the (initial) password as the login is a simpler
communication channel with the user. ;-)

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''         
http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)