I moved password quality checking in Samba from check password script
to PAM, now when pam_passwdqc
or pam_cracklib
deny password change the user revives a "Access denied" error, not the standard "The password you typed does not meet the password policy yada yada" (still mostly untrue when dictionary checking is involved and there are different rules for different lengths).
How I can force Samba to return a "password does not meet policy" error when PAM denies password change? I already use pam password change = yes
Can I make Samba return more specific error and make Windows to show it? e.g.: your password is too short, your password is based on dictionary word, your password needs to also have characters other than letters.
Samba sends NT_STATUS_* messages to your clients. I don't think it's customizable.