I have a policy set for passwords as follows: expiration set at 365 days, min length of 4, history of 1, and the quality check unchecked.
Passwords for users seem to be expiring at a rate far higher than what I have things set for. It seems to either coincide with a PDC reboot and/or around 30 days (not documented). It has happened to me a couple of times.
The user get the expected password expiry info and if the attempt to reset it, UCS wants a complex password with 8 or more characters.

Hello,

are you using Samba 4 in that environment?
If this is the case you have to set values vor password expiration, complexity and other password settings also in samba itself.

To do so, you can use the commandline tool samba-tool:

[code]samba-tool domain passwordsettings --help

for example:

samba-tool domain passwordsettings set --max-pwd-age=365
samba-tool domain passwordsettings set --complexity=off
…
[/code]

With UCS 3.1 the domain settings will be synchronized automatically.

Kind regards,
Tim Petersen

Yes… UCS Samba4 domain. Servers are 3.0.2

So, you are telling me that the that I have to set these settings both from the UCS (UMC) interface and the command line? I have not used Microsoft’s AD tools yet. I assumed that changes from the UMC would be properly set in linux and for the samba4 AD. This is incorrect?

[quote=“jclambert”]
So, you are telling me that the that I have to set these settings both from the UCS (UMC) interface and the command line?[/quote]
That is correct. You have to define the password policies both in UCS and AD - so, UMC and samba-tool.

As already mentioned, the domain policies will be synchronized automatically in UCS 3.1.

Kind regards,
Tim Petersen

Thanks! I appreciate it.
Question: do these settings have to be configured on each Samb4 DC, or just the PDC?

You don’t have to do this on each Samba4 DC - it is sufficient to set it on one Samba 4 DC, e.g. the DC Master.

Kind regards,
Tim Petersen