The Samba-Bugzilla – Bug 4817
'Password complexity' failures when adding computer with MMC ADUC
Last modified: 2007-08-22 02:37:37 UTC
Currently, when I add a user account to SAMBA, there is the password complexity required. Unfortunately, there happens the same thing when adding a computer account in ADUC (where you can't set a password).
On a Windows Server there is the possibility, to control this behavior with the group policies. But on SAMBA this doesn't seem to work yet.
Maybe there should be deactivated that control until the program supports it in the right way.
I've reproduced this. I need to figure out what's going on here...
The issue was that MMC ADUC sets a 14 (UCS2) character, made up of random bytes. This natually doesn't include very many (almost never any) ASCII uppercase/lowercase characters, so it failed the complexity test.
I've fixed the test with -r 24273, so that on any reasonable 'random' buffer, we will accept the password.
The bug is reproducible when you add a computer object with ADUC and check "Allow pre-Windows 2000 computers to use this account".
Ah, that would be setting the account password to machine$...
-r 24611 should fix this. It turns out that machine account passwords are not password quality checked at all.
Thankyou very much for chasing this up!
Retested today, it works. So we can now also create empty computer accounts for older NT workstations (I think 3.1 / 3.51 / 4.0 maybe also OS/2).