[Samba] password strenght doubt

John H Terpstra jht at primastasys.com
Tue Dec 26 18:45:46 GMT 2006 

Please read the documentation. Samba3-HOWTO.pdf is a good start. You can 
obtain it from: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf

The utility you need to master is called 'pdbedit', but before using it please 
read up on user rights and privileges and on policies.

- John T.

On Tuesday 26 December 2006 11:36, Guido Lorenzutti wrote:
> Hi people! I have a few problems with the password strength in Samba.
> I have a PDC with LDAP on Debian Stable, with a few packages from
> backports. The problem is that I can't find a way to enforce strenght to
> the
> passwords of the users. I can't define a policy to force things like:
> number of uppercase letters, number of downcase letters, number of
> numbers in the password, to check the diference between the new and the
> old, to store a list of old passwords to check... I mean, things that
> are requiered to enforce some policy of security by my company.
> Bottom line? The users can put his username for password! Not even that
> is checked...
>
> It's something wrong in my setup or is a feature request? I see min
> password length.. but.. the rest?
>
>
> This is the important part of my setup:
>
> [global]
> #Network ID
>         workgroup = JUSBAIRES
>         netbios name = PDC
>         netbios aliases = SERVER
>         server string =
>
> #Logs
>         debug level = 0
>         syslog = 0
>         log level = 0
>         log file = /var/log/samba/%m.%U.log
>         max log size = 10000
>         panic action = /usr/share/samba/panic-action %d
>
> #Network Support
>         name resolve order = wins hosts lmhosts bcast
>         socket options = TCP_NODELAY SO_RCVBUF=65535 SO_SNDBUF=65535
> IPTOS_LOWDELAY SO_KEEPALIVE
>         wins support = yes
>         wins proxy = yes
>         enhanced browsing = yes
>         dns proxy = yes
>         time server = yes
>         local master = yes
>         smb ports = 139
>
> #LDAP
>         ldap admin dn = uid=alem-fs2,ou=security,dc=jusbaires,dc=gov,dc=ar
>         ldap suffix = dc=jusbaires,dc=gov,dc=ar
>         ldap group suffix = ou=Group
>         ldap user suffix = ou=People
>         ldap machine suffix = ou=alem,ou=Computers
>         ldap delete dn = no
>         ldap passwd sync = yes
>
> #Printer Options
>         printcap name = /dev/null
>         printing = bsd
>         load printers = no
>
> #Security Options
>         admin users = administrador lgiacchetta
>         enable privileges = yes
>         preferred master = yes
>         lm announce = yes
>         domain master = yes
>         domain logons = yes
>         encrypt passwords = yes
>         pam password change = yes
>         passdb backend = ldapsam:"ldap://127.0.0.1
> ldap://alem-ldap.jusbaires.gov.ar ldap://alem-systemlog.jusbaires.gov.ar"
>         passwd chat debug = no
>         check password script = /usr/local/bin/crackcheck -d
> /var/cache/cracklib/cracklib_dict
>         unix charset = 850
>         dont descend = .recycle
>         delete veto files = yes
>         restrict anonymous = 1
>
> #Profiles stuff
>         logon script = netlogon.%U.bat
>         logon path = \\PDC\profiles\%U
>         logon home = \\PDC\personal
>         logon drive = H:
>         hide files = /Desktop.ini/desktop.ini/
>         hide dot files = yes

More information about the samba mailing list