Description: During the provision of a domain, the password lenght and complexity is checked to late and the setup fails if the rules does not match. The user has to start the process again. Steps to reproduce: 1. Provision a new domain # samba-tool domain provision --use-rfc2307 --interactive 2. During the setup, enter a password that does not match the complexity rules. For example: "test" (to short) or "password" (not complex). Actual results: samba-tools starts the provisioning process and fails later: Realm [SAMDOM.EXAMPLE.COM]: Domain [SAMDOM]: Server Role (dc, member, standalone) [dc]: DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: DNS forwarder IP address (write 'none' to disable forwarding) [10.99.0.1]: Administrator password: test Retype password: test Looking up IPv4 addresses Looking up IPv6 addresses No IPv6 address will be assigned Setting up share.ldb Setting up secrets.ldb Setting up the registry Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema Adding DomainDN: DC=samdom,DC=example,DC=com Adding configuration container Setting up sam.ldb schema Setting up sam.ldb configuration data Setting up display specifiers Modifying display specifiers Adding users container Modifying users container Adding computers container Modifying computers container Setting up sam.ldb data Setting up well known security principals Setting up sam.ldb users and groups ERROR(ldb): uncaught exception - 0000052D: Constraint violation - check_password_restrictions: the password is too short. It should be equal or longer than 7 characters! File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run return self.run(*args, **kwargs) File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 461, in run nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode) File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 2175, in provision skip_sysvolacl=skip_sysvolacl) File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 1787, in provision_fill next_rid=next_rid, dc_rid=dc_rid) File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 1447, in fill_samdb "KRBTGTPASS_B64": b64encode(krbtgtpass.encode('utf-16-le')) File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/common.py", line 55, in setup_add_ldif ldb.add_ldif(data, controls) File "/usr/local/samba/lib64/python2.7/site-packages/samba/__init__.py", line 225, in add_ldif self.add(msg, controls) or ... Administrator password: password Retype password: password ... ERROR(ldb): uncaught exception - 0000052D: Constraint violation - check_password_restrictions: the password does not meet the complexity criteria! Expected results: samba-tool should test the length and complexity rules directly after the user enters. If it does not pass, an error should be printed and the user asked again. For example: Administrator password: test Retype password: test ERROR: The password is too short. It must be equal or longer than 7 characters! Administrator password: password Retype password: password ERROR: The password does not meet the complexity criteria! ...
*** This bug has been marked as a duplicate of bug 9710 ***