[Samba] Strong Password Enforcement (Windows-side)

Christopher Coyle ccoyle at commu-tech.net
Thu Oct 2 23:30:44 GMT 2003

Yes.. cracklib support in Samba would be fantastic.

In the meantime I've settled on doing weak password auditing on a weekly
basis using John the Ripper, then having a lil' word with silly users.. :)

 -- Cybr0t McWhulf

On Thu, 2 Oct 2003, Adam Williams wrote:

> > Before I begin, big thanks to John Terpstra for helping me out with my
> > previous issues.
> > But alas I have another issue, I need to enforce strong passwords on
> > windows side (i.e. ctrl+alt+delete change password), minimum password
> > length, can't be dictionary words, etc. etc.
> You can specify minimum password length, but not much beyond that.
> There is a section of the Samba code that says "insert cracklib support
> here".  I'd imagine that is what we all want to see happen.
> > (Setup is Samba 3.0.0 as PDC with LDAP passdb)
> Same here.
> > From what I understand previously this could've been done using
> > pam_smbpass or a policy pushed out from netlogon, but I'm dealing with a
> > mixed environment of 2k/XP, and I read that nt4 policies don't work with
> > XP.  And it would appear that when using ldap password sync it bypasses
> > pam(?).
> Yes, it does.
> > Also I've seen a lot about Group Policy Editor, but it seems that's only
> > useful if you're using AD.
> > Is this perhaps the direction pdbedit is going towards?  It would be quite
> > nifty to have a single command to edit (or generate) domain policies. It
> > seemed to work with altering the minimum password length, but it only goes so
> > far.
> I think cracklib support in Samba is what we want.
