[Samba-it] Criteri password samba pdc
Alessio Bottazzi
alessio.bottazzi at bclsnc.191.it
Mon Aug 30 16:56:01 MDT 2004
Ho finito di configurare samba come pdc (uso la ver. 3.0.6), ma facendo
alcune prove sulle password di accesso ho notato che non vengono considerati
i criteri impostati con pam riguardo la complessità delle password.
Inoltre consente di reinserire le password precedentemente utilizzata, cosa
che vorrei impedire per adeguarmi alla legge sulla privacy. Sapete darmi
qualche indicazione su cosa devo modificare per usare le restrizioni
dell'accoppiata passwd + pam?
Questo è il smb.conf che utilizzo:
# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2004/08/28 10:36:34
# Global parameters
[global]
workgroup = BCL
server string = Dominio BCL - Samba %v
update encrypted = Yes
client schannel = No
server schannel = No
min passwd length = 8
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
unix password sync = Yes
log level = 2
log file = /var/log/samba/%m.log
max log size = 100
name resolve order = lmhosts host wins bcast
time server = Yes
unix extensions = No
server signing = auto
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
disable spoolss = Yes
mangling method = hash
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false
-M %u
add machine script = /usr/sbin/useradd -d /dev/null -g machines -s
/bin/false -M %u
logon script = netlogon.bat
logon path =
logon home = <file:///\\%25L\%25U\.profile> \\%L\%U\.profile
domain logons = Yes
os level = 128
preferred master = Yes
domain master = Yes
dns proxy = No
ldap ssl = no
pid directory = /var/run/samba
winbind cache time = 15
cups options = raw
print command = lpr -r -P%p %s
lpq command = lpq -P%p
lprm command = lprm -P%p %j
strict locking = No
[netlogon]
comment = Servizi Accesso Rete
path = /home/netlogon
write list = @admin
browseable = No
[profiles]
comment = Profili Accesso Rete
path = /home/profiles
read only = No
create mask = 0600
directory mask = 0700
browseable = No
[homes]
comment = Home Directories
read only = No
only user = Yes
browseable = No
[public]
comment = Public
path = /home/samba
read only = No
create mask = 0777
directory mask = 0777
guest ok = Yes
[software]
comment = Software
path = /home/software
read only = No
create mask = 0777
directory mask = 0777
guest ok = Yes
[effetti]
comment = Effetti Gx
path = /usr/gx23/effetti
read only = No
guest ok = Yes
[client]
comment = Client Gx
path = /home/client
read only = No
guest ok = Yes
[client23]
comment = Client Gx 2.3
path = /home/client23
read only = No
guest ok = Yes
[d-Copia 20]
comment = Olivetti d-Copia 20
path = /tmp
guest ok = Yes
hosts allow = 192.168.139.0/255.255.255.0
printable = Yes
[Bcl]
comment = Documenti Bcl
path = /home/Bcl
read only = No
create mask = 0777
directory mask = 0777
guest ok = Yes
Grazie Alessio
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/samba-it/attachments/20040830/0ed335b7/attachment.html>
More information about the samba-it
mailing list