When a user on one of our Windows clients hits ctrl-alt-delete to change his password, our Samba domain controller is notified and performs the password change.
Unfortunately, the group policy rule requiring password complexity is ignored. Further, we recently began implementing kerberos, and samba isn't set up to update the principals.
I feel that the simplest way to fix this would be to disable password changes from our Windows clients on the domain (users can use our web services to change passwords instead).
What's the simplest way to implement this? Hopefully in the smb.conf.
Best Answer
If you have a mechanism for updating the registry on the Windows Computers you can set the
DWORD value to 1 in:and
This will disable the change password button, in the Windows Security Dialog box.