brockrob / OpenPasswordFilter

An open source custom password filter DLL and userspace service to better protect / control Active Directory domain passwords.
GNU General Public License v2.0

Enabling OPF seems like it's enforcing password complexity #5

Open halfaipg opened 6 years ago

halfaipg commented 6 years ago

I am basically trying to create a password policy for my company with the only requirements being that it needs to be 15 characters and no more than 4 repeating characters such as 11111 in a password.

I do not have password complexity enabled in my domain, but when I install OPF, AD won't let me create any passwords unless they meet the standard MS complexity requirements, i.e. capital letter and special character etc.

brockrob commented 6 years ago

If OPF is the only password filter in play, the reason for rejection will be logged in the application log.

halfaipg commented 6 years ago

All I am seeing is EventID 100, WSACancelBlockingCall and Unable to bind to open port.

AD will let me set passwords that fall inside of MS complexity policy, but it is not enabled in group policy.

halfaipg commented 6 years ago

Any ideas? It seems like it is working, but I do not want users subjected to the complexity requirements. I'm only trying to limit repeating characters in passwords.

brockrob commented 6 years ago

The errors you cite suggest that it's not in fact working, and that's troubling. Can I get a little more detail? What WinServer version are you installing this on?

brockrob commented 6 years ago

You must have complexity enabled somehow if that's what you're experiencing, because it appears based on your error messages that the service is not starting, and if the dll can't reach the service it fails 'open', meaning anything is allowed. I would like to understand why the service is not starting though.

halfaipg commented 6 years ago

Thanks for taking the time to respond, Robert.

I am running Windows Server 2008 R2 domain controllers.

It's very odd. I have verified that password complexity is not enabled on my domain. Basically, I can change an AD password to whatever I want, but as soon as I start the OPF service (it is starting, and stays running), it requires me to use MS complexity requirements.

On Tue, Jul 10, 2018 at 9:21 AM, Robert Brock notifications@github.com wrote:

You must have complexity enabled somehow if that's what you're experiencing, because it appears based on your error messages that the service is not starting, and if the dll can't reach the service it fails 'open', meaning anything is allowed. I would like to understand why the service is not starting though.

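The checks discussed in this thread (which password filters are in play, whether complexity is enabled, whether the service is running, and what the application log says) can be collected in one pass on the domain controller. This is an added example, not part of the original thread or the OPF project; `$OpfServiceName` is a placeholder, and the `Notification Packages` registry value and the ActiveDirectory cmdlets are standard Windows components rather than anything named on this page.

```powershell
# Added diagnostic sketch; run in an elevated PowerShell session on the domain controller.
# Placeholder: substitute the service name used by your OPF install.
$OpfServiceName = '<OPF-service-name>'

# 1. Which password filter / notification DLLs does LSA load at boot?
#    More than one entry means OPF is not the only filter in play.
$lsaKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$packages = (Get-ItemProperty -Path $lsaKey -Name 'Notification Packages').'Notification Packages'
'Registered notification packages:'
$packages | ForEach-Object { "  $_" }

# 2. Domain password policy as stored in AD (what the DC enforces,
#    independent of what the GPO editor displays).
Import-Module ActiveDirectory
Get-ADDefaultDomainPasswordPolicy |
    Select-Object ComplexityEnabled, MinPasswordLength, PasswordHistoryCount

# 3. Fine-grained password policies can enable complexity for specific
#    users or groups even when the domain default has it off.
Get-ADFineGrainedPasswordPolicy -Filter * -ErrorAction SilentlyContinue |
    Select-Object Name, Precedence, ComplexityEnabled, MinPasswordLength

# 4. Is the filter's companion service actually running?
Get-Service -Name $OpfServiceName -ErrorAction SilentlyContinue |
    Select-Object Name, Status

# 5. Recent Application-log entries with the event ID reported in the thread (100),
#    including the full message text.
Get-EventLog -LogName Application -Newest 500 |
    Where-Object { $_.EventID -eq 100 } |
    Select-Object TimeGenerated, Source, EntryType, Message |
    Format-List
```

Compare the output before and after starting the service: if `ComplexityEnabled` is `False` everywhere and OPF is the only non-default notification package, the rejection reason should appear in the event messages from step 5.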