[Samba] Samba, ldap, password complexity, cracklib - questions

Adam Tauno Williams awilliam at whitemice.org
Thu Feb 2 08:08:55 MST 2012


On Thu, 2012-02-02 at 15:00 +0100, Götz Reinicke wrote:
> --------------ms020400080806080209020400
> Content-Type: text/plain; charset=ISO-8859-15
> Content-Transfer-Encoding: quoted-printable
> 
> Hallo,
> 
> we run a Redhat samba 3.5.4 PDC with openldap 2.4 as
> user/passwordbackend. The ldap also contains the posix information for
> the users to login to some web/mail/etc. servers.
> 
> I'm faced with the task to implement a 'both worlds' compatible paswword
> sync process regarding complexity etc.
> 
> For the posix account password we use a webfrontend, configure to use
> pam/cracklib checks which works fine. E.g. 'hello' is NOT allowed as
> password :-)
> 
> Checking the password change from a windows 7 / XP notebook reveals,
> that there is not such a complexity check used. E.g. 'hello' IS allowed
> as a users password. :-(
> 
> Password syncing (posix <-> windows) works. That means changing from the
> web or windows changes both ldap entries.
> My question: can someone point me to some docs or can someone explain
> how I can use (the same/a) camplexity check when changing passwords from
> windows?

check password script = /usr/local/sbin/crackcheck -c -s

Not sure where I got crackcheck from;  it is a compiled binary.

-- 
System & Network Administrator [ LPI & NCLA ]
<http://www.whitemiceconsulting.com>
OpenGroupware Developer <http://www.opengroupware.us>
Adam Tauno Williams



More information about the samba mailing list