I was setting up my samba installations adding some passwords complexity checks.
But, at least for now, i cannot reject simple passwords (my user have to be educated first): i was thinking to a dirfferent approach, like the script return a 'score' for the password and if score are too low, the password duration are shorted.
Implementation it is a matter of an c/perl/bash/... exercise, simply my intention was to use 'check password script' to score the password, log it somewhere and return 0, accepting the password, differing by some hour/day a check that parse user and password score, and if score are too low shorten the password duration.
The trouble arise from the fact that 'check password script' does not expand %u (username) variable, so there's no way to associate the password score with the user.
For more info, in Italian, look at:
Created attachment 4133 [details]
Patch to implement Requested Enhancement
This patch implements a way to pass username to the password check script
Patch commit to upstream.
To use pass %u as a parameter to the check password script