[Samba] password strength doubt

Guido Lorenzutti guido at lorenzutti.com.ar
Tue Dec 26 17:36:52 GMT 2006

Hi people! I have a few problems with password strength in Samba.
I have a PDC with LDAP on Debian Stable, with a few packages from backports.
The problem is that I can't find a way to enforce strength on the 
passwords of the users. I can't define a policy to force things like: 
number of uppercase letters, number of lowercase letters, number of 
numbers in the password, to check the difference between the new and the 
old, to store a list of old passwords to check... I mean, things that 
are required to enforce some security policy by my company.
Bottom line? The users can put their username as the password! Not even 
that is checked...

Is something wrong in my setup, or is this a feature request? I see min 
password length... but... the rest?

This is the important part of my setup:

#Network ID
        workgroup = JUSBAIRES
        netbios name = PDC
        netbios aliases = SERVER
        server string =

        debug level = 0
        syslog = 0
        log level = 0
        log file = /var/log/samba/%m.%U.log
        max log size = 10000
        panic action = /usr/share/samba/panic-action %d

#Network Support
        name resolve order = wins hosts lmhosts bcast
        socket options = TCP_NODELAY SO_RCVBUF=65535 SO_SNDBUF=65535 
        wins support = yes
        wins proxy = yes
        enhanced browsing = yes
        dns proxy = yes
        time server = yes
        local master = yes
        smb ports = 139

        ldap admin dn = uid=alem-fs2,ou=security,dc=jusbaires,dc=gov,dc=ar
        ldap suffix = dc=jusbaires,dc=gov,dc=ar
        ldap group suffix = ou=Group
        ldap user suffix = ou=People
        ldap machine suffix = ou=alem,ou=Computers
        ldap delete dn = no
        ldap passwd sync = yes

#Printer Options
        printcap name = /dev/null
        printing = bsd
        load printers = no

#Security Options
        admin users = administrador lgiacchetta
        enable privileges = yes
        preferred master = yes
        lm announce = yes
        domain master = yes
        domain logons = yes
        encrypt passwords = yes
        pam password change = yes
        passdb backend = ldapsam:"ldap:// ldap://alem-ldap.jusbaires.gov.ar ldap://alem-systemlog.jusbaires.gov.ar"
        passwd chat debug = no
        check password script = /usr/local/bin/crackcheck -d 
        unix charset = 850
        dont descend = .recycle
        delete veto files = yes
        restrict anonymous = 1

#Profiles stuff
        logon script = netlogon.%U.bat
        logon path = \\PDC\profiles\%U
        logon home = \\PDC\personal
        logon drive = H:
        hide files = /Desktop.ini/desktop.ini/
        hide dot files = yes
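
Added example, not part of the original post and not Samba's own code: a filter that could be named in "check password script", which receives the candidate password on standard input and must exit 0 to accept it. The thresholds are constructed values; reading the account name from the SAMBA_CPS_ACCOUNT_NAME environment variable assumes a Samba release that sets it, and because only the new password is supplied, the history and old/new difference checks are not covered.

```python
#!/usr/bin/env python3
"""Password policy filter for use as a Samba `check password script`."""
import os
import sys

# Constructed thresholds (assumptions, not values from the post).
MIN_LENGTH = 8
MIN_UPPER = 1
MIN_LOWER = 1
MIN_DIGITS = 1


def policy_violations(password, username=""):
    """Return the reasons a password is rejected; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if sum(c.isupper() for c in password) < MIN_UPPER:
        problems.append("too few uppercase letters")
    if sum(c.islower() for c in password) < MIN_LOWER:
        problems.append("too few lowercase letters")
    if sum(c.isdigit() for c in password) < MIN_DIGITS:
        problems.append("too few digits")
    # Reject the account name in either direction, ignoring case.
    user = username.strip().lower()
    lowered = password.lower()
    if user and (user in lowered or user[::-1] in lowered):
        problems.append("contains the account name")
    return problems


def main():
    # Samba writes the candidate password to stdin; strip only the line ending.
    password = sys.stdin.readline().rstrip("\r\n")
    # Assumption: the account name is exported by Samba in this variable.
    username = os.environ.get("SAMBA_CPS_ACCOUNT_NAME", "")
    problems = policy_violations(password, username)
    for reason in problems:
        # Log the reason only, never the password itself.
        print("password rejected: " + reason, file=sys.stderr)
    return 1 if problems else 0  # non-zero exit makes Samba refuse the change


if __name__ == "__main__":
    sys.exit(main())
```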

