Problem

I have set a password policy in both Samba and UCR which requires an uppercase letter, a lowercase letter, a number and a special character. When I now click on Change Password in the Univention Portal, the password is accepted even if only three of these guidelines are met. However, I want all four to be fulfilled.

Solution

This is not a mistake but therefore justified that the Self-Service Portal authenticate against Samba in the background and with samba we are “only” Microsoft Windows AD compatible. Microsoft defines it like this:

“Passwords must contain characters from three of the following five categories”

• Uppercase characters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters)
• Lowercase characters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters)
• Base 10 digits (0 through 9)
• Nonalphanumeric characters: ~!@#$%^&*_-+=|(){}[]:;"’<>,.?/[`
• Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase. This includes Unicode characters from Asian languages.

Further Information

Please read also: How-to: Align Password Policies across Directory Services