[Samba] weak passwords

Olivier Nicole Olivier.Nicole at cs.ait.ac.th
Wed Oct 7 02:38:27 UTC 2015


mourik jan c heupink <heupink at merit.unu.edu> writes:

> Perhaps some kind of tool to test dictionary passwords etc, but 
> preferably locally on the /var/lib/samba databases to not lockout the 
> accounts due to too many failed passwords.
>
> Suggestions?

I am running a password cracking tool on my authentication server (LDAP
though); any time there is a change in the LDAP directory, the tool is
launched.

I am using an *old* tool, namely Crack v5.0 by Alec Muffett, that I have
modified to use MD5 (it was written originally to use crypt on a generic
/etc/passwd file).

It is slow, but I have it running only on the subset of the LDAP that
has been modified, and as it runs in the background, I don't really care. At
the beginning of each run, I will extract the information from LDAP and
generate a pseudo /etc/passwd file and compare it to the one generated in
the previous run. Only the lines that have changed will be passed to
crack. As crack uses the information in the gecos field to do more
testing, I also try to pack as much individual information as possible in
that field.

Since I have enforced the use of strong passwords (as opposed to advising
them to use strong passwords), I cannot remember it giving me any positive
result.

It's all but a hack, but it has been running for years.

Best regards,

Olivier
-- 
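Added example, not part of the original message and not the poster's own script: a minimal Python sketch of the incremental step described above, which builds pseudo-passwd lines with personal attributes packed into the gecos field and selects only the accounts whose hash or gecos differs from the previous snapshot. The function names, the fixed uid/home/shell fields, the choice to compare only hash and gecos, and all sample data are assumptions constructed for illustration.

```python
def gecos_from_attrs(attrs):
    """Pack personal attributes into one gecos string.
    ':' and newlines are replaced because they would break the passwd format."""
    words = []
    for value in attrs:
        cleaned = " ".join(value.replace(":", " ").split())
        if cleaned and cleaned not in words:
            words.append(cleaned)
    return " ".join(words)

def passwd_line(uid, pw_hash, attrs):
    """Build one 7-field pseudo-passwd line (uid/gid/home/shell are dummies)."""
    return f"{uid}:{pw_hash}:0:0:{gecos_from_attrs(attrs)}:/nonexistent:/bin/false"

def parse(snapshot):
    """Map username -> (hash, gecos, full line)."""
    entries = {}
    for lineno, line in enumerate(snapshot.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        entries[fields[0]] = (fields[1], fields[4], line)
    return entries

def changed_lines(previous, current):
    """Lines for accounts that are new, or whose hash or gecos changed.
    Accounts deleted since the previous run are ignored: nothing to test."""
    old = parse(previous)
    selected = []
    for user, (pw_hash, gecos, line) in parse(current).items():
        if old.get(user, (None, None, None))[:2] != (pw_hash, gecos):
            selected.append(line)
    return selected

# Constructed sample snapshots; the hash values are placeholders, not real hashes.
PREVIOUS = "\n".join([
    passwd_line("alice", "{MD5}HASH-A", ["Alice Example", "alice@example.org"]),
    passwd_line("bob", "{MD5}HASH-B", ["Bob Example"]),
])
CURRENT = "\n".join([
    passwd_line("alice", "{MD5}HASH-A", ["Alice Example", "alice@example.org"]),
    passwd_line("bob", "{MD5}HASH-B2", ["Bob Example"]),        # password changed
    passwd_line("carol", "{MD5}HASH-C", ["Carol Example", "Room: 12"]),  # new account
])

if __name__ == "__main__":
    # Only these lines would be written to the file handed to the auditing tool.
    print("\n".join(changed_lines(PREVIOUS, CURRENT)))
```

Because these snapshot files contain password hashes, they need the same access restrictions as the directory's password attribute.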


