Konstantin Boyandin
2011-Jan-13 03:28 UTC
[Samba] Problem: how to make users use unique passwords
Hello,

To harden security, I've modified the smbldap-passwd script so that it updates the sambaPwdMustChange, sambaKickoffTime and shadowExpire fields; also, a simple script notifying users whose expiration date is approaching has been set up.

I have also added a call to cracklib to check password strength prior to applying it. It all works well, but the task is to force users to use a unique password every time they have to change it. A typical scenario I must prevent is this: a user changes the password to something temporary, then changes it back to the one they used (or to a password slightly different from the one that had been used).

Could someone suggest an existing tool to integrate into smbldap-passwd to prevent using similar or the same passwords? I can store password hashes somewhere, but it won't save me from the problem when passwords differ just a little.

Any suggestions? Thanks in advance!

Sincerely,
Konstantin
Helmut Hullen
2011-Jan-13 07:36 UTC
[Samba] Problem: how to make users use unique passwords
Hello, Konstantin,

You wrote on 13.01.11:

> I have also added a call to cracklib to check password strength prior
> to applying it. It all works well, but the task is to force users to
> use a unique password every time they have to change it. A typical
> scenario I must prevent is this: a user changes the password to
> something temporary, then changes it back to the one they used (or to a
> password slightly different from the one that had been used).

> Could someone suggest an existing tool to integrate into
> smbldap-passwd to prevent using similar or the same passwords?

Good luck. It's very simple to crack samba passwords ...

First you convert (with root rights) the LDAP passdb data to smbpasswd, and then you run "ophcrack". I've done this work on some systems; cracking 400 passwords needed about 4 hours (on slow machines).

Yes - I had the rights to do the job ...

--------------------------

It's no samba problem, it's an NTLM problem (a Microsoft problem).

Best regards!
Helmut
TAKAHASHI Motonobu
2011-Jan-13 18:49 UTC
[Samba] Problem: how to make users use unique passwords
2011/1/13 Konstantin Boyandin <temmokan at gmail.com>:

(snip)
> It all works well, but the task is to force users to use a
> unique password every time they have to change it.

Use user rights. Perhaps "pdbedit -P 'password history' -C 999" will help you.

// "999" is an example of a very big number. In the source, that value is defined as uint32_t.

---
TAKAHASHI Motonobu <monyo at samba.gr.jp>
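
One way to catch both exact reuse and "slightly different" passwords, which the question says stored hashes alone cannot do. This is an added example, not code from the thread or from smbldap-passwd. The function names, the stem rule and the thresholds are assumptions, and it assumes the change script has the user's current password in clear text at change time.

```python
import hashlib, hmac, os, re

ITERATIONS = 100_000  # assumed PBKDF2 work factor; tune for your hardware

def normalize(pw):
    """Fold case and strip trailing digits/punctuation: 'Summer2010!' -> 'summer'."""
    stem = re.sub(r"[\W\d_]+$", "", pw.lower())
    # Edge case: an all-digit or very short stem would make unrelated
    # passwords collide, so fall back to the case-folded password.
    return stem if len(stem) >= 4 else pw.lower()

def _digest(text, salt):
    return hashlib.pbkdf2_hmac("sha256", text.encode("utf-8"), salt, ITERATIONS)

def make_entry(pw):
    """History record to store: salted hashes of the password and of its stem."""
    salt = os.urandom(16)
    return {"salt": salt, "exact": _digest(pw, salt),
            "stem": _digest(normalize(pw), salt)}

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_new_password(new, current, history, min_distance=4):
    """Return None if the new password is acceptable, else the rejection reason."""
    # The current password is known in clear text only during the change.
    if edit_distance(new.lower(), current.lower()) < min_distance:
        return "too similar to current password"
    for entry in history:
        if hmac.compare_digest(_digest(new, entry["salt"]), entry["exact"]):
            return "reused password"
        if hmac.compare_digest(_digest(normalize(new), entry["salt"]), entry["stem"]):
            return "variant of an earlier password"
    return None

# Constructed sample data, not taken from the thread.
HISTORY = [make_entry("Winter2010!"), make_entry("Summer2010!")]
CURRENT = "Summer2010!"
```

The stem hash is easier to guess than the full-password hash, so the history store needs the same protection as the password database itself.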