[Samba] Password Filtering

Jonathon Reinhart jonathon.reinhart at gmail.com
Thu Apr 7 14:17:21 UTC 2022

On Thu, Apr 7, 2022 at 9:32 AM ralph strebbing via samba
<samba at lists.samba.org> wrote:
> Morning all,
> So doing the google-foo this morning, I'm coming up empty on a decent
> way to handle custom password filtering with Samba, so I figured I'd
> ask here how to approach this.
> What we wish to do is implement some way to prevent users from using
> certain passwords via the Windows Security Change Password screen. On
> a windows environment, from what I'm reading, this is achieved via
> Password Filters DLLs that you can install and register on the domain
> controller. So my question is how to go about implementing something
> like that on our Samba AD DC setup? Or is there another way to
> approach this problem entirely that I'm not aware of?
> Any advice is appreciated!
> Regards,
> Ralph

Hi Ralph,

I think you're looking for the "check password script" option in smb.conf:

Here's the "crackcheck" sample program to which the documentation refers:

Here's a project of mine that checks samba passwords against the "Have
I been Pwned" database (offline):

Hope this helps,

More information about the samba mailing list