On Thu, 2012-08-30 at 14:59 +0000, Thomas Mueller wrote: > Am Thu, 30 Aug 2012 14:07:00 +0000 schrieb Thomas Mueller: > > > Am Thu, 30 Aug 2012 13:45:50 +0000 schrieb Thomas Mueller: > > > > > >> # kpasswd Password for user@TEST.DOMAIN: > >> Enter new password: > >> Enter it again: > >> Password change rejected: Password must be at least 7 characters long, > >> and cannot match any of your 24 previous passwords > > > > OK, it's not a kpasswd problem. Changing the password from windows (ctrl > > - > > alt -del -> change password) brings up the same message. > > > > - Thomas > > and finally found the root cause: > > the default password policy is set to a minimal password age of 1 day
Samba generates that message, so if you want to patch source4/kdc/kpasswd.c to give a better message, you would be most welcome. The restrictions are implemented in source4/dsdb/samdb/ldb_modules/password_hash.c. We could either try and send back a better string from there, or at least use the string sent back already (without the windows error code on the front). Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba