>> >> > Windows cannot set the password for XXXX because: The password does not
>> >> > meet the password policy requirements. Check the minimum password length,
>> >> > password complexity and password history requirements.
TS> It's giving that error because you have a minimum length specified or
TS> complexity on. If you want to change that you need to run 'samba-tool
TS> domain passwordsettings set --min-pwd-length=1 --complexity=off'. Do you
TS> really want to disable complexity and allow very weak passwords?

I think best practices show that passwords that are too hard to remember [IMO the complexity requirement starts to get into this area] simply frustrate users and the result will be they write down the password and stick it near the computer. That is far worse than a "weak" password. It's a password you can find by pulling open the top drawer of their desk, looking under their keyboard, or simply looking at the postie on the monitor.

I'd recommend something like LastPass, but that's not really applicable here, unless you're going to pull it off your phone or something.

IMO, for most of my mid-to-smaller clients, I disable password complexity requirements. I also disable the "can't reuse passwords for 4675 years. (sarcasm)"

I've tended to simply generate passwords for each user and provide them with a copy. We pick multiple quasi-words with some numbers and simply live with some decreased security. [If the attacker can hit your authenticator db with millions of guesses, on or off-line, the game's probably over anyway.]

I'm sure that doesn't work for everyone - but a good admin should know when and where to require higher security passwords and when not to. If the admin doesn't know this - then they'll make a myriad of other mistakes, so that high password complexity requirement will largely be useless. [i.e. A high security lock in a styrofoam door.]

So, I guess I'd summarize this as: If high complexity passwords are appropriate for your site, use them. If not, don't feel particularly bad about not using them.

-Greg
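The error quoted at the top of the thread names three checks. The following added example (not from the thread and not Samba's own code) models two of them, minimum length and an AD-style complexity rule, to show which setting rejects a given candidate. The `Policy` class, the function names, the sample values and the simplified rule (three of five character classes, no account name in the password) are assumptions; password history is not modelled.

```python
import string
from dataclasses import dataclass


@dataclass
class Policy:
    # Hypothetical container for the two settings named in the thread
    # (--min-pwd-length and --complexity); the values here are constructed.
    min_pwd_length: int = 7
    complexity: bool = True


def char_classes(password):
    """Return the set of character classes present in the password."""
    classes = set()
    for ch in password:
        if ch in string.digits:
            classes.add("digit")
        elif ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isalpha():
            classes.add("other_letter")  # letters without case
        else:
            classes.add("symbol")
    return classes


def policy_violations(password, account_name, policy):
    """List the reasons a candidate would be rejected (empty list = accepted)."""
    problems = []
    if len(password) < policy.min_pwd_length:
        problems.append("too_short")
    if policy.complexity:
        if len(char_classes(password)) < 3:
            problems.append("too_few_classes")
        # Simplified assumption: account names of 3+ chars may not appear.
        if len(account_name) > 2 and account_name.lower() in password.lower():
            problems.append("contains_account_name")
    return problems


if __name__ == "__main__":
    strict, relaxed = Policy(7, True), Policy(1, False)
    # Constructed candidates; "gsmith" is a made-up account name.
    for pw in ("tree4boat9lamp", "Tree4boat9lamp", "Ab1", "Gsmith2024!"):
        print(pw, policy_violations(pw, "gsmith", strict),
              policy_violations(pw, "gsmith", relaxed))
```

An all-lowercase "quasi-words with some numbers" password of the kind described in the reply is long but uses only two character classes, so it is rejected while complexity is on and accepted once it is off.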
