[Samba] Enforce strong passwords?

Andrew Bartlett abartlet at samba.org
Wed Oct 26 11:29:43 GMT 2005

On Tue, 2005-10-25 at 18:07 -0600, John H Terpstra wrote:
> On Tuesday 25 October 2005 17:58, Charles Marcus wrote:
> > Is there any way to do this with Samba and LDAP?
> >
> > What I'd like is to be able to, at a minimum, force minimum password
> > length, mixture of letters and numbers, and at least two 'special
> > characters'...
> >
> > Is this doable with Samba using LDAP for authentication? If not, is it
> > doable using other authentication means?
> Yes, it can be done with Samba-3 using either the tdbsam or the ldapsam passdb 
> backend. I would recommend that you use Samba-3.0.21 that will soon be 
> released as it has a number of refinements to assist in the implementation 
> and management of password controls.

See in particular

       check password script = /usr/local/bin/crackcheck
-d /usr/lib/cracklib_dict

(where crackcheck was compiled from the code in examples/auth in the
samba tarball).

This checks against cracklib, which is very painful, exactly the way you
want it to be :-)

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20051026/fc4a2836/attachment.bin

More information about the samba mailing list