Password config available?

NethServer Version: 7.8.2003
Module: base

Is there a conf file or way to adjust the password requirements on the tool? We don’t need the ‘similar’ password requirement.

I’m not aware of a “similar” requirement. There is an “equal” requirement, that you enter the same password twice to make sure you typed it correctly–is that what you’re referring to?

The only adjustment I’m aware of is to have the password policy strong or weak.

The tools checks against your AD password history and, while we’re good with disallowing password reuse, the tool here won’t let you use something that’s similar. Ex: CorrectBatteryHorseStaple5% is too similar to CorrectBatteryHorseStaple5$, though our AD rule would allow that.

When “Require strong passwords” is enabled and Active Directory is used, the password history is set to the default of 24.

If Samba Active Directory is installed, also the system will enable password history

If you like strong passwords without password history:

nsdc-run -- samba-tool domain passwordsettings set --history-length=0

Check settings:

nsdc-run -- samba-tool domain passwordsettings show


[09:45 root@SERVER ~] > nsdc-run -- samba-tool domain passwordsettings show
-bash: nsdc-run: command not found

Is there another suggestion? Find also didn’t find the command, or the samba-tool command.

Strange, do you use local AD account provider?

nsdc-run runs commands in the samba container.


I saw you used remote AD over a Win 2016 Server, is it still this configuration?
I guess the password policy in this case is managed by the Windows Server, I did not find history handling in the user settings code.

Yes, this is the same server. I determined that there was a config problem with dnsmasq and once I corrected that, the problem with logging in and changing passwords was eliminated, but now there is te issue of similarities to old passwords. That’s not in our AD GPOs and there’s no password object defined via dsac.

I think I still got the test VMs, I am going to try to reproduce it…I’ll report when I find something.


The only workaround I found is to comment out the password quality check in /usr/libexec/nethserver/api/system-password/check-pwquality.from line 55 to 61.

new = lines[1]

# execute pwquality checkes
#    pw_quality = pwquality.PWQSettings()
#    pw_quality.read_config()
#    pw_quality.check(new, old, None)
#except pwquality.PWQError as (e, msg):
#    print(msg)
#    sys.exit(1)

1 Like

What quality is left at this point, or will it match to the AD? If it matches to AD, does that AD need the object defined in DSAC?

Yes, it should match to AD. You do not need extra objects in AD.

Thanks, @mrmarkuz!

1 Like