Bostjan Müller
2005-Jan-21 10:46 UTC
[Samba] tdbsam (local) to ldap (tdbldap) backend migration causes pam restrictions not to work anymore?
Hi,

I am using samba 3.0.10 on Debian and have had my users in the tdbsam backend until now. They have had the ability to change their unix password along with the samba password, and besides that I was able to apply some PAM restrictions to the users' password strength via the pam_cracklib.so library.

I have now moved the users into ldap and auth works ok, but I cannot change a user's password and still have the password restrictions set (or can I)?

My previous setup was like this:

smb.conf:

    encrypt passwords = yes
    obey pam restrictions = yes
    passwd chat debug = yes
    smb passwd file = /etc/samba/smbpasswd
    unix password sync = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

/etc/pam.d/samba:

    auth required pam_unix.so nullok
    account required pam_unix.so
    session required pam_unix.so
    password required pam_cracklib.so minlen=20 ocredit=5 ucredit=3 dcredit=3 lcredit=1
    password required pam_unix.so

Now I have changed the part in smb.conf to be like this:

    passwd program = /usr/bin/ldappasswd -D cn=root,dc=neonatus,dc=net -x -w 'password_for_root_user' -S uid=%u,ou=People,dc=neonatus,dc=net
    passwd chat = *New*password*%n\n*new*password*%n\n

I can however use ldap password sync = yes and users can change passwords then, but again no pam restriction is applied (no restriction but password length).

What I would need to have is:
- remember 5 last passwords
- have the ability to force use of letters and numbers in passwords
- force minimal length.

I can do the last, but don't know how to force the others.

I would appreciate any help.

Regards,
Bostjan
--
buhdej evridej
Chris Snider
2005-Jan-21 22:24 UTC
[Samba] tdbsam (local) to ldap (tdbldap) backend migration causes pam restrictions not to work anymore?
> What I would need to have is:
> - remember 5 last passwords
> - have the ability to force use of letters and numbers in passwords
> - force minimal length.

Read the man pages for pdbedit. You will be able to do 2 of the 3 using pdbedit. The force use of strong passwords isn't implemented yet, although I believe (don't quote me) they will be adding that feature in later releases.

Chris