Bug 1705 - Minimum password not sent to windows workstation
Summary: Minimum password not sent to windows workstation
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts (show other bugs)
Version: 3.0.3
Hardware: All Linux
: P3 normal
Target Milestone: none
Assignee: Tim Potter
QA Contact: Samba QA Contact
Depends on:
Reported: 2004-09-01 14:57 UTC by George Farris
Modified: 2005-08-24 10:25 UTC (History)
2 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description George Farris 2004-09-01 14:57:03 UTC
I have a Samba 3.0.3 system setup with LDAP.

I can set the "min password length" in smb.conf and the
system will respect that but when changing the password
from win2k and giving it a smaller password than set
it always displays "password must be a minimum of 5 characters"

It will display this even if "min password length" is set
to 7.  You won't actually be able to have a password less than
7 but it confuses the hell out of our users.
Comment 1 Tim Potter 2004-09-01 18:11:06 UTC
Are there any messages in the log file when this happens?  You will need to set
your 'debug level' in smb.conf to at least 1.
Comment 2 Tim Potter 2004-09-01 18:14:14 UTC
debug level = 10 is probably the best idea
Comment 3 Guenther Deschner 2004-10-01 16:19:04 UTC
This is caused by the default value of the account_policy "min password length"
(5) that perfectly collides with lp_min_passwd_length. Both value's are checked
after each other during a password change (actually causing a problematic
situation, if one these values is less then the default value of 5).

The client itself queries the password-policy-settings just for the
account-policy and thus displays "5".

As a quick workaround you could set the account poliy to the same value as your
smb.conf option via
pdbedit -P "min password length" -C 7

Tim, shouldn't we remove lp_min_passwd_length completly?
Comment 4 Guenther Deschner 2004-11-23 04:32:04 UTC
George, any news on this? Did setting the account-policy with pdbedit helped you?
Comment 5 Gerald (Jerry) Carter (dead mail address) 2004-11-23 07:04:49 UTC
gd, mark 'min password length' as deprecated in loadparm.c.  Then remove it's actual use in the 
code.  Then go ahead and close this bug.  My rule is that no feedback in over 30 days
== automatic close (at your discetion). 
Comment 6 Guenther Deschner 2004-12-21 04:08:28 UTC
The initial reported gave me positive feedback on my solution proposed in
comment #7. Just marked "min password length" as depreciated now, People should
use the corresponding Account Policy instead.
Comment 7 Gerald (Jerry) Carter (dead mail address) 2005-02-11 07:48:24 UTC
all we're doing on this one for now.
Comment 8 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:25:48 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.