6.4. Password settings for Windows clients when using Samba#

With the Samba domain object, one can set the password requirements for logins to Windows clients in a Samba domain.

The Samba domain object is managed via the UMC module LDAP directory. It can be found in the samba container below the LDAP base and carries the domain’s NetBIOS name.

The settings of the Samba domain object and the policy (see User password management) should be set identically, otherwise different password requirements will apply for logins to Windows and UCS systems.

Table 6.6 General tab#

Attribute

Description

Password length

The minimum number of characters for a user password.

Password history

The latest password changes are saved in the form of hashes. These passwords can then not be used by the user as a new password when setting a new password. With a password history of five, for example, five new passwords must be set before a password can be reused.

Minimum password age

The period of time set for this must have at least expired since the last password change before a user can reset their password again.

Maximum password age

Once the saved period of time has elapsed, the password must be changed again by the user the next time they sign in. If the value is left blank, the password is infinitely valid.