Just wondering if OpenLDAP is able to assign a password policy to a specific group? Thanks
I've been given a requirement to enforce a minimum password length of 15 characters on my Windows-based systems. Supposedly, this is possible and is being done on some other systems already. However, I can't seem to get it to work.
The key problem appears to be that the policy is normally limited to only accepting values of 0 to 14.
I've tried setting it higher, but it does not work.
How is anyone able to get around this?
I need a solution that will work both through domain-based GPO and on standalone systems. If possible, I need a fix that's backward-compatible down to XP/2003. Third-party tools are not an option.
I found this article: AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide really useful to set fine-grained password policies for a user or a Security Group.
But I haven't found any way to do this at an OU level - at least not any way that I can get it to work.
Any good articles that show how to do this?
Windows domain environment here. We're looking at putting in a self-service password reset system (using Citrix Single Sign-on), and I'm trying to figure out if we can limit the number of password resets a user can initiate down to 2 per day.
I'm not sure that this can be done with Citrix Single Sign-on (correct me if I'm wrong), but is it possible to restrict this with an AD password policy, without preventing Administrators from being able to reset the password if the user calls?
I moved password quality checking in Samba from check password script to PAM, now when pam_passwdqc or pam_cracklib deny password change the user revives a "Access denied" error, not the standard "The password you typed does not meet the password policy yada yada" (still mostly untrue when dictionary checking is involved and there are different rules for different lengths).
How I can force Samba to return a "password does not meet policy" error when PAM denies password change? I already use pam password change = yes
Can I make Samba return more specific error and make Windows to show it? e.g.: your password is too short, your password is based on dictionary word, your password needs to also have characters other than letters.