[Samba] Problem: how to make users use unique passwords

[Konstantin Boyandin]

Hello,

To harden security, I've modified the smbldap-passwd script so that it
update sambaPwdMustChange, sambaKickoffTime and shadowExpire fields;
also, a simple script notifying users with expiration date approaching
has been set up.

I have also added a call to cracklib to check password strength prior to
applying it. It all works well, but the task it to force users to use
unique password every time they have to change it. A typical scenario I
must prevent is this: user change the password for anything temporary,
then changes it back to the one it used (or to a password slightly
different from the one having been used).

Could someone suggest an existing tool to integrate into smbldap-passwd
to prevent using similar or the same passwords?

I can store password hashes somewhere, but it won't prevent me from the
problem when passwords differ just a little.

Any suggestions?
Thanks in advance!

Sincerely,
Konstantin