Bug 1705 - Minimum password not sent to windows workstation
Minimum password not sent to windows workstation
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
All Linux
: P3 normal
: none
Assigned To: Tim Potter
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2004-09-01 14:57 UTC by George Farris
Modified: 2005-08-24 10:25 UTC (History)
2 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description George Farris 2004-09-01 14:57:03 UTC
I have a Samba 3.0.3 system setup with LDAP.

I can set the "min password length" in smb.conf and the
system will respect that but when changing the password
from win2k and giving it a smaller password than set
it always displays "password must be a minimum of 5 characters"

It will display this even if "min password length" is set
to 7.  You won't actually be able to have a password less than
7 but it confuses the hell out of our users.
Comment 1 Tim Potter 2004-09-01 18:11:06 UTC
Are there any messages in the log file when this happens?  You will need to set
your 'debug level' in smb.conf to at least 1.
Comment 2 Tim Potter 2004-09-01 18:14:14 UTC
debug level = 10 is probably the best idea
Comment 3 Guenther Deschner 2004-10-01 16:19:04 UTC
This is caused by the default value of the account_policy "min password length"
(5) that perfectly collides with lp_min_passwd_length. Both value's are checked
after each other during a password change (actually causing a problematic
situation, if one these values is less then the default value of 5).

The client itself queries the password-policy-settings just for the
account-policy and thus displays "5".

As a quick workaround you could set the account poliy to the same value as your
smb.conf option via
pdbedit -P "min password length" -C 7

Tim, shouldn't we remove lp_min_passwd_length completly?
Comment 4 Guenther Deschner 2004-11-23 04:32:04 UTC
George, any news on this? Did setting the account-policy with pdbedit helped you?
Comment 5 Gerald (Jerry) Carter 2004-11-23 07:04:49 UTC
gd, mark 'min password length' as deprecated in loadparm.c.  Then remove it's actual use in the 
code.  Then go ahead and close this bug.  My rule is that no feedback in over 30 days
== automatic close (at your discetion). 
Comment 6 Guenther Deschner 2004-12-21 04:08:28 UTC
The initial reported gave me positive feedback on my solution proposed in
comment #7. Just marked "min password length" as depreciated now, People should
use the corresponding Account Policy instead.
Comment 7 Gerald (Jerry) Carter 2005-02-11 07:48:24 UTC
all we're doing on this one for now.
Comment 8 Gerald (Jerry) Carter 2005-08-24 10:25:48 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.