[Samba] Help with cracklib

Iván M. Marzán Rocha ivanm at fadesa.es
Tue Jun 15 17:18:14 GMT 2004

Hi! before nothing, sorry for my english, I hope you understand me.

I've a problem with the new samba 3.0.4-1.12, before I had the version 3.0.2a 
with LDAP
for administrate all the users and when a samba password expired I used the 
"use cracklib"
parameter for force the user to insert a strong password, well now this 
parameter isn't
avaliable and I believe that must make it with the /etc/pam.d/samba file if I 
want to do
the same effect than before, but the line which references to the 
pam_cracklib.so seems
to do nothing and I check that the file is been processed because if I input a 
wrong line
the logs how /var/log/messages or /var/log/samba/log.smbd warns me.

Please I need help!!

My configuration file has:


        workgroup = DOMINFO73
        interfaces =, eth0
        bind interfaces only = Yes
        obey pam restrictions = Yes
        smb passwd file = /etc/samba/smbpasswd %u
        passdb backend = ldapsam:ldap://demonio.servidores.fadesa
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        unix password sync = Yes
        load printers = No
        logon script = inicio.bat
        logon home = \\%N\%U\samba.perfiles
        domain logons = Yes
        domain master = Yes
        ldap suffix = dc=fadesa,dc=es
        ldap machine suffix = ou=maquinas
        ldap user suffix = ou=personas
        ldap group suffix = ou=grupos
        ldap idmap suffix = ou=idmap
        ldap admin dn = cn=manager,dc=fadesa,dc=es
        ldap ssl = no
        ldap passwd sync = Yes
        idmap backend = ldap:ldap://demonio.servidores.fadesa

        comment = Home Directories
        valid users = %S
        read only = No
        browseable = No

        comment = Carpeta p�lica
        path = /tmp/samba.compartida
        read only = No
        guest ok = Yes

        comment = The domain netlogon service
        path = /home/%U/samba.netlogon
        read only = No
        browseable = No

The /etc/pam.d/samba file has these lines:

auth            required        pam_warn.so
auth            requisite       pam_nologin.so
auth            required        pam_unix.so
account         required        pam_warn.so
account         required        pam_unix.so
password        required        pam_warn.so
password        requisite       pam_cracklib.so retry=3
password        required        pam_unix.so shadow md5 use_authtok 
password        required        pam_smbpass.so nullok use_authtok 
session         required        pam_unix.so


Thanks you in advance.

More information about the samba mailing list