Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[Samba] samba4 provision password complexity error
2,298 views
Skip to first unread message
Gerry Reno
Mar 10, 2013, 11:30:01 PM3/10/13
to
I am trying to provision my samba 4 domain and even though I have deactivated password complexity using the samba-tool I
still receive this error during the provision:
ERROR(ldb): uncaught exception - 0000052D: Constraint violation - check_password_restrictions: the password does not
meet the complexity criteria!
Is this a known issue or do I need to do something else to get this working (not counting making the password more complex)?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
still receive this error during the provision:
ERROR(ldb): uncaught exception - 0000052D: Constraint violation - check_password_restrictions: the password does not
meet the complexity criteria!
Is this a known issue or do I need to do something else to get this working (not counting making the password more complex)?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Gregory Sloop
Mar 10, 2013, 11:40:02 PM3/10/13
to
Known issue - see the wiki. [I don't think you can change the
password complexity before provisioning, but perhaps you can.]
#this sets the complexity req off.
#(I do this after provisioning, but it may work before...)
samba-tool domain passwordsettings set --complexity=off
---
But you'll have to run provisioning again, which will fail.
Thus, the easiest way I've found is simply to nuke the Samba install
ie.
rm /usr/local/samba/ -rf
Then run "make install" again and re-run provisioning.
This all assumes you're running 4.0.3 and did your own compile and
install into the default directory.
-Greg
GR> I am trying to provision my samba 4 domain and even though I have
GR> deactivated password complexity using the samba-tool I
GR> still receive this error during the provision:
GR> ERROR(ldb): uncaught exception - 0000052D: Constraint violation -
GR> check_password_restrictions: the password does not
GR> meet the complexity criteria!
GR> Is this a known issue or do I need to do something else to get
GR> this working (not counting making the password more complex)?
password complexity before provisioning, but perhaps you can.]
#this sets the complexity req off.
#(I do this after provisioning, but it may work before...)
samba-tool domain passwordsettings set --complexity=off
---
But you'll have to run provisioning again, which will fail.
Thus, the easiest way I've found is simply to nuke the Samba install
ie.
rm /usr/local/samba/ -rf
Then run "make install" again and re-run provisioning.
This all assumes you're running 4.0.3 and did your own compile and
install into the default directory.
-Greg
GR> I am trying to provision my samba 4 domain and even though I have
GR> deactivated password complexity using the samba-tool I
GR> still receive this error during the provision:
GR> ERROR(ldb): uncaught exception - 0000052D: Constraint violation -
GR> check_password_restrictions: the password does not
GR> meet the complexity criteria!
GR> Is this a known issue or do I need to do something else to get
GR> this working (not counting making the password more complex)?
Gerry Reno
Mar 10, 2013, 11:50:01 PM3/10/13
to
On 03/10/2013 10:21 PM, Gerry Reno wrote:
> I am trying to provision my samba 4 domain and even though I have deactivated password complexity using the samba-tool I
> still receive this error during the provision:
>
> ERROR(ldb): uncaught exception - 0000052D: Constraint violation - check_password_restrictions: the password does not
> meet the complexity criteria!
>
>
> Is this a known issue or do I need to do something else to get this working (not counting making the password more complex)?
>
>
When I check the complexity before the provision it is off.
> I am trying to provision my samba 4 domain and even though I have deactivated password complexity using the samba-tool I
> still receive this error during the provision:
>
> ERROR(ldb): uncaught exception - 0000052D: Constraint violation - check_password_restrictions: the password does not
> meet the complexity criteria!
>
>
> Is this a known issue or do I need to do something else to get this working (not counting making the password more complex)?
>
>
When I check the complexity after the error it is on !!
Something is turning the complexity back on during the provision. BUG
Gregory Sloop
Mar 11, 2013, 12:00:01 AM3/11/13
to
Perhaps, though it really doesn't make sense to have complexity req
before you tell it, it's a Windows style AD domain - hence that would
be why it happens when you provision the domain.
[I've never tried to set it prior to provisioning the domain, so I'm
not at all sure it's really a bug - though I'd agree cosmetically it's
a little odd.]
But _really,_ it's not that hard to meet the complexity req - especially
for your master Admin account.
Then once you get it set, and you'd _really_ *like* a vulnerable admin
password you can always turn off the req and then change it back. ;)
-Greg
GR> On 03/10/2013 10:21 PM, Gerry Reno wrote:
>> I am trying to provision my samba 4 domain and even though I have deactivated password complexity using the samba-tool I
>> still receive this error during the provision:
>>
>> ERROR(ldb): uncaught exception - 0000052D: Constraint violation - check_password_restrictions: the password does not
>> meet the complexity criteria!
>>
>>
>> Is this a known issue or do I need to do something else to get this working (not counting making the password more complex)?
>>
>>
GR> When I check the complexity before the provision it is off.
GR> When I check the complexity after the error it is on !!
GR> Something is turning the complexity back on during the provision. BUG
--
Gregory Sloop, Principal: Sloop Network & Computer Consulting
Voice: 503.251.0452 x82
EMail: gr...@sloop.net
http://www.sloop.net
---
before you tell it, it's a Windows style AD domain - hence that would
be why it happens when you provision the domain.
[I've never tried to set it prior to provisioning the domain, so I'm
not at all sure it's really a bug - though I'd agree cosmetically it's
a little odd.]
But _really,_ it's not that hard to meet the complexity req - especially
for your master Admin account.
Then once you get it set, and you'd _really_ *like* a vulnerable admin
password you can always turn off the req and then change it back. ;)
-Greg
GR> On 03/10/2013 10:21 PM, Gerry Reno wrote:
>> I am trying to provision my samba 4 domain and even though I have deactivated password complexity using the samba-tool I
>> still receive this error during the provision:
>>
>> ERROR(ldb): uncaught exception - 0000052D: Constraint violation - check_password_restrictions: the password does not
>> meet the complexity criteria!
>>
>>
>> Is this a known issue or do I need to do something else to get this working (not counting making the password more complex)?
>>
>>
GR> When I check the complexity after the error it is on !!
GR> Something is turning the complexity back on during the provision. BUG
--
Gregory Sloop, Principal: Sloop Network & Computer Consulting
Voice: 503.251.0452 x82
EMail: gr...@sloop.net
http://www.sloop.net
---
Gerry Reno
Mar 11, 2013, 12:30:01 AM3/11/13
to
On 03/10/2013 10:39 PM, Gerry Reno wrote:
> On 03/10/2013 10:21 PM, Gerry Reno wrote:
>> I am trying to provision my samba 4 domain and even though I have deactivated password complexity using the samba-tool I
>> still receive this error during the provision:
>>
>> ERROR(ldb): uncaught exception - 0000052D: Constraint violation - check_password_restrictions: the password does not
>> meet the complexity criteria!
>>
>>
>> Is this a known issue or do I need to do something else to get this working (not counting making the password more complex)?
>>
>>
> When I check the complexity before the provision it is off.
>
> When I check the complexity after the error it is on !!
>
> Something is turning the complexity back on during the provision. BUG
>
>
>
Ok I finally gave up and made something really complex: Administrator1
> On 03/10/2013 10:21 PM, Gerry Reno wrote:
>> I am trying to provision my samba 4 domain and even though I have deactivated password complexity using the samba-tool I
>> still receive this error during the provision:
>>
>> ERROR(ldb): uncaught exception - 0000052D: Constraint violation - check_password_restrictions: the password does not
>> meet the complexity criteria!
>>
>>
>> Is this a known issue or do I need to do something else to get this working (not counting making the password more complex)?
>>
>>
> When I check the complexity before the provision it is off.
>
> When I check the complexity after the error it is on !!
>
> Something is turning the complexity back on during the provision. BUG
>
>
>
Boy, we feel really secure now. :rolleyes:
RANT: I wish people would stop all this complexity nonsense and just let people set their passwords how they want to
set them.
Gregory Sloop
Mar 11, 2013, 1:10:01 AM3/11/13
to
GR> Ok I finally gave up and made something really complex: Administrator1
GR> Boy, we feel really secure now. :rolleyes:
GR> RANT: I wish people would stop all this complexity nonsense and
GR> just let people set their passwords how they want to
GR> set them.
I really hope you're venting at Microsoft who set the standard and
which Samba, for FREE, is simply following. It's the exact same setup
as a Windows Server install. You can't turn off the complexity
requirements there before you setup the Admin account either.
Seriously dude. It works just like it does in Windows and clearly you
want it just like Windows or you wouldn't be running an AD provision.
Seems like a lot of venting and gnashing of teeth for an extra couple
of minutes of work. [Not to mention a poke in the Samba Devs' eyes
about what you have not paid a penny for.]
:rolleyes
Gerry Reno
Mar 11, 2013, 11:10:02 AM3/11/13
to
On 03/11/2013 01:09 AM, Gregory Sloop wrote:
> GR> Ok I finally gave up and made something really complex: Administrator1
>
> GR> Boy, we feel really secure now. :rolleyes:
>
>
> GR> RANT: I wish people would stop all this complexity nonsense and
> GR> just let people set their passwords how they want to
> GR> set them.
>
> I really hope you're venting at Microsoft who set the standard
Them and at all orgs that set these kind of ridiculous complexity restrictions. None of which are the same.
> GR> Ok I finally gave up and made something really complex: Administrator1
>
> GR> Boy, we feel really secure now. :rolleyes:
>
>
> GR> RANT: I wish people would stop all this complexity nonsense and
> GR> just let people set their passwords how they want to
> GR> set them.
>
> I really hope you're venting at Microsoft who set the standard
> [Not to mention a poke in the Samba Devs' eyes
> about what you have not paid a penny for.]
>
Andrew Bartlett
Mar 11, 2013, 6:40:01 PM3/11/13
to
On Sun, 2013-03-10 at 22:21 -0400, Gerry Reno wrote:
> I am trying to provision my samba 4 domain and even though I have deactivated password complexity using the samba-tool I
> still receive this error during the provision:
>
> ERROR(ldb): uncaught exception - 0000052D: Constraint violation - check_password_restrictions: the password does not
> meet the complexity criteria!
>
>
> Is this a known issue or do I need to do something else to get this working (not counting making the password more complex)?
Just make the password more complex. This is by design, because
> I am trying to provision my samba 4 domain and even though I have deactivated password complexity using the samba-tool I
> still receive this error during the provision:
>
> ERROR(ldb): uncaught exception - 0000052D: Constraint violation - check_password_restrictions: the password does not
> meet the complexity criteria!
>
>
> Is this a known issue or do I need to do something else to get this working (not counting making the password more complex)?
provision resets the password complexity settings (and all other
settings).
You may reset the settings and then reset the admin password with
'samba-tool user setpassword administrator' later if you really, really
must so dramatically reduce the security of your network.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Gerry Reno
Mar 11, 2013, 6:40:01 PM3/11/13
to
On 03/11/2013 06:32 PM, Andrew Bartlett wrote:
> On Sun, 2013-03-10 at 22:21 -0400, Gerry Reno wrote:
>> I am trying to provision my samba 4 domain and even though I have deactivated password complexity using the samba-tool I
>> still receive this error during the provision:
>>
>> ERROR(ldb): uncaught exception - 0000052D: Constraint violation - check_password_restrictions: the password does not
>> meet the complexity criteria!
>>
>>
>> Is this a known issue or do I need to do something else to get this working (not counting making the password more complex)?
> Just make the password more complex. This is by design, because
> provision resets the password complexity settings (and all other
> settings).
>
> You may reset the settings and then reset the admin password with
> 'samba-tool user setpassword administrator' later if you really, really
> must so dramatically reduce the security of your network.
>
> Andrew Bartlett
>
Thanks Andrew.
> On Sun, 2013-03-10 at 22:21 -0400, Gerry Reno wrote:
>> I am trying to provision my samba 4 domain and even though I have deactivated password complexity using the samba-tool I
>> still receive this error during the provision:
>>
>> ERROR(ldb): uncaught exception - 0000052D: Constraint violation - check_password_restrictions: the password does not
>> meet the complexity criteria!
>>
>>
>> Is this a known issue or do I need to do something else to get this working (not counting making the password more complex)?
> Just make the password more complex. This is by design, because
> provision resets the password complexity settings (and all other
> settings).
>
> You may reset the settings and then reset the admin password with
> 'samba-tool user setpassword administrator' later if you really, really
> must so dramatically reduce the security of your network.
>
> Andrew Bartlett
>
I already did that. My point about password complexity in general is that no two orgs define it by the same criteria.
And that gets annoying after a while.
I set complexity off and set the password using our own complexity. Plenty secure.
Gerry
L.P.H. van Belle
Mar 18, 2013, 5:30:02 AM3/18/13
to
Bit late, i was on holiday.
But.
Password complexity, ...
What is beter...
ThiS1sMyComplexPasw0rdForM3AndNot4You.
or
}W`#t_L=
Wel i choose the first, even there are only char and numbers in that password.
Look here for more info.
http://rumkin.com/tools/password/passchk.php
Louis
>-----Oorspronkelijk bericht-----
>Van: abar...@samba.org [mailto:samba-...@lists.samba.org]
>Namens Andrew Bartlett
>Verzonden: maandag 11 maart 2013 23:32
>Aan: Gerry Reno
>CC: sa...@lists.samba.org
>Onderwerp: Re: [Samba] samba4 provision password complexity error
But.
Password complexity, ...
What is beter...
ThiS1sMyComplexPasw0rdForM3AndNot4You.
or
}W`#t_L=
Wel i choose the first, even there are only char and numbers in that password.
Look here for more info.
http://rumkin.com/tools/password/passchk.php
Louis
>-----Oorspronkelijk bericht-----
>Van: abar...@samba.org [mailto:samba-...@lists.samba.org]
>Namens Andrew Bartlett
>Verzonden: maandag 11 maart 2013 23:32
>Aan: Gerry Reno
>CC: sa...@lists.samba.org
>Onderwerp: Re: [Samba] samba4 provision password complexity error
0 new messages