This article provides guidance on managing password policies, specifically focusing on the UDM-Policy and Samba-Policy configurations. It outlines how to activate and customize password quality checks and Microsoft’s complexity requirements, as well as how these policies interact during user logins and password changes.
UDM-Policy
When the Password quality check is enabled in the UDM-Policy, you can set your own complexity requirements using the UCR variables password/quality/*. For more information on the UCR variables take a look in our handbook.
Samba-Policy
By checking the box Passwords must meet complexity requirements, a Microsoft policy is activated. The information in the question mark pop-up displays the complexity requirements enforced when using this Microsoft policy. These complexity requirements are part of Passfilt.dll and cannot be changed directly.
Interaction between UDM-Policy and Samba-Policy
When Samba is installed, the Samba-Policy takes effect during UMC login and Self-Service login, including when users change their passwords. Only when the password is changed directly in UDM (udm users/user or the user module in UMC) the UDM-Policy will be used.
Password Settings for the User Module in UMC (or udm users/user)
You can determine whether only the settings of the Samba-Policy should apply (setting the variable password/quality/mspolicy to sufficient), or if additionally the settings of the UDM-Policy should be considered (setting the variable to true), which would also take into account self-defined blacklists. In the latter case, the defined password length of the UDM-Policy takes precedence over the Samba-Policy.
UCS@school
If you want to reset the password for a user, the UMC module will prompt you to enter a temporary password, following the UDM-Policy. If the affected user (student, teacher, or employee) logs in with this temporary password and is prompted to create a new private one, the system will check it against the Samba-Policy.
See also: How-to: Configure password history policy for UCS & UCS@school