[Samba] password strenght doubt

Gary Dale garydale at torfree.net
Tue Dec 26 18:17:51 GMT 2006


I think you'll find at least some of these are Windows Policies and 
would not be reflected in the smb.conf file. If you check the Samba 
Howto collection and the Samba by example documents at samba.org, you'll 
find examples of how to set some of the policies.

To be honest, I've never gone beyond requiring password changes, minimum 
lengths and histories.  :)


Guido Lorenzutti wrote:
> Hi people! I have a few problems with the password strength in Samba.
> I have a PDC with LDAP on Debian Stable, with a few packages from 
> backports.
> The problem is that I can't find a way to enforce strenght to the 
> passwords of the users. I can't define a policy to force things like: 
> number of uppercase letters, number of downcase letters, number of 
> numbers in the password, to check the diference between the new and 
> the old, to store a list of old passwords to check... I mean, things 
> that are requiered to enforce some policy of security by my company.
> Bottom line? The users can put his username for password! Not even 
> that is checked...
>
> It's something wrong in my setup or is a feature request? I see min 
> password length.. but.. the rest?
>
>
> This is the important part of my setup:
>
> [global]
> #Network ID
>        workgroup = JUSBAIRES
>        netbios name = PDC
>        netbios aliases = SERVER
>        server string =
>
> #Logs
>        debug level = 0
>        syslog = 0
>        log level = 0
>        log file = /var/log/samba/%m.%U.log
>        max log size = 10000
>        panic action = /usr/share/samba/panic-action %d
>
> #Network Support
>        name resolve order = wins hosts lmhosts bcast
>        socket options = TCP_NODELAY SO_RCVBUF=65535 SO_SNDBUF=65535 
> IPTOS_LOWDELAY SO_KEEPALIVE
>        wins support = yes
>        wins proxy = yes
>        enhanced browsing = yes
>        dns proxy = yes
>        time server = yes
>        local master = yes
>        smb ports = 139
>
> #LDAP
>        ldap admin dn = uid=alem-fs2,ou=security,dc=jusbaires,dc=gov,dc=ar
>        ldap suffix = dc=jusbaires,dc=gov,dc=ar
>        ldap group suffix = ou=Group
>        ldap user suffix = ou=People
>        ldap machine suffix = ou=alem,ou=Computers
>        ldap delete dn = no
>        ldap passwd sync = yes
>
> #Printer Options
>        printcap name = /dev/null
>        printing = bsd
>        load printers = no
>
> #Security Options
>        admin users = administrador lgiacchetta
>        enable privileges = yes
>        preferred master = yes
>        lm announce = yes
>        domain master = yes
>        domain logons = yes
>        encrypt passwords = yes
>        pam password change = yes
>        passdb backend = ldapsam:"ldap://127.0.0.1 
> ldap://alem-ldap.jusbaires.gov.ar ldap://alem-systemlog.jusbaires.gov.ar"
>        passwd chat debug = no
>        check password script = /usr/local/bin/crackcheck -d 
> /var/cache/cracklib/cracklib_dict
>        unix charset = 850
>        dont descend = .recycle
>        delete veto files = yes
>        restrict anonymous = 1
>
> #Profiles stuff
>        logon script = netlogon.%U.bat
>        logon path = \\PDC\profiles\%U
>        logon home = \\PDC\personal
>        logon drive = H:
>        hide files = /Desktop.ini/desktop.ini/
>        hide dot files = yes



More information about the samba mailing list