[Samba] password strength doubt
Guido Lorenzutti
guido at lorenzutti.com.ar
Tue Dec 26 22:44:47 GMT 2006
Maybe I can do this with the "check password script". But I only found
the cracklib example. Does anyone know a way of doing this? Because the
cracklib example only checks against a dictionary.
Thanks in advance.
Gary Dale wrote:
> I think you'll find at least some of these are Windows Policies and
> would not be reflected in the smb.conf file. If you check the Samba
> Howto collection and the Samba by example documents at samba.org,
> you'll find examples of how to set some of the policies.
>
> To be honest, I've never gone beyond requiring password changes,
> minimum lengths and histories. :)
>
>
> Guido Lorenzutti wrote:
>> Hi people! I have a few problems with the password strength in Samba.
>> I have a PDC with LDAP on Debian Stable, with a few packages from
>> backports.
>> The problem is that I can't find a way to enforce strength on the
>> passwords of the users. I can't define a policy to force things like:
>> number of uppercase letters, number of lowercase letters, number of
>> digits in the password, to check the difference between the new and
>> the old, to store a list of old passwords to check... I mean, things
>> that are required to enforce some security policy by my company.
>> Bottom line? The users can use their username as the password! Not even
>> that is checked...
>>
>> Is something wrong in my setup or is this a feature request? I see min
>> password length.. but.. the rest?
>>
>>
>> This is the important part of my setup:
>>
>> [global]
>> #Network ID
>> workgroup = JUSBAIRES
>> netbios name = PDC
>> netbios aliases = SERVER
>> server string =
>>
>> #Logs
>> debug level = 0
>> syslog = 0
>> log level = 0
>> log file = /var/log/samba/%m.%U.log
>> max log size = 10000
>> panic action = /usr/share/samba/panic-action %d
>>
>> #Network Support
>> name resolve order = wins hosts lmhosts bcast
>> socket options = TCP_NODELAY SO_RCVBUF=65535 SO_SNDBUF=65535 IPTOS_LOWDELAY SO_KEEPALIVE
>> wins support = yes
>> wins proxy = yes
>> enhanced browsing = yes
>> dns proxy = yes
>> time server = yes
>> local master = yes
>> smb ports = 139
>>
>> #LDAP
>> ldap admin dn = uid=alem-fs2,ou=security,dc=jusbaires,dc=gov,dc=ar
>> ldap suffix = dc=jusbaires,dc=gov,dc=ar
>> ldap group suffix = ou=Group
>> ldap user suffix = ou=People
>> ldap machine suffix = ou=alem,ou=Computers
>> ldap delete dn = no
>> ldap passwd sync = yes
>>
>> #Printer Options
>> printcap name = /dev/null
>> printing = bsd
>> load printers = no
>>
>> #Security Options
>> admin users = administrador lgiacchetta
>> enable privileges = yes
>> preferred master = yes
>> lm announce = yes
>> domain master = yes
>> domain logons = yes
>> encrypt passwords = yes
>> pam password change = yes
>> passdb backend = ldapsam:"ldap://127.0.0.1 ldap://alem-ldap.jusbaires.gov.ar ldap://alem-systemlog.jusbaires.gov.ar"
>> passwd chat debug = no
>> check password script = /usr/local/bin/crackcheck -d /var/cache/cracklib/cracklib_dict
>> unix charset = 850
>> dont descend = .recycle
>> delete veto files = yes
>> restrict anonymous = 1
>>
>> #Profiles stuff
>> logon script = netlogon.%U.bat
>> logon path = \\PDC\profiles\%U
>> logon home = \\PDC\personal
>> logon drive = H:
>> hide files = /Desktop.ini/desktop.ini/
>> hide dot files = yes
>
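
Added example (not from this thread or from the Samba project): a script for the "check password script" hook that enforces the character-class rules asked about above and rejects the username as a password. It assumes Samba passes the candidate password on stdin and accepts it on exit status 0; the thresholds and the convention of passing the account name as the first argument are assumptions. The script only sees the new password, so history and old/new difference checks are outside its scope.

```python
#!/usr/bin/env python3
"""Password policy check for smb.conf "check password script" (added example).

Samba writes the candidate password to stdin; exit status 0 accepts it and
any other status rejects it.
"""
import sys

# Constructed policy values; adjust to the site's written policy.
MIN_LENGTH = 8
MIN_UPPER = 1
MIN_LOWER = 1
MIN_DIGITS = 1


def violations(password, username=None):
    """Return a list of policy violations (an empty list means accept)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    counts = {
        "uppercase letters": (sum(c.isupper() for c in password), MIN_UPPER),
        "lowercase letters": (sum(c.islower() for c in password), MIN_LOWER),
        "digits": (sum(c.isdigit() for c in password), MIN_DIGITS),
    }
    for label, (found, required) in counts.items():
        if found < required:
            problems.append("needs at least %d %s" % (required, label))
    # Skip very short account names, which would match almost any password.
    if username and len(username) >= 3:
        user, pw = username.casefold(), password.casefold()
        # Reject the account name, forwards or reversed, anywhere in the password.
        if user in pw or user[::-1] in pw:
            problems.append("contains the account name")
    return problems


def main(argv):
    # Hypothetical convention: account name as optional first argument.
    username = argv[1] if len(argv) > 1 else None
    # Strip only the line terminator; spaces are valid password characters.
    password = sys.stdin.readline().rstrip("\r\n")
    problems = violations(password, username)
    for p in problems:
        print("rejected: " + p, file=sys.stderr)  # never log the password itself
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```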