Götz Reinicke
2012-Feb-02 14:00 UTC
[Samba] Samba, ldap, password complexity, cracklib - questions
Hello,

we run a Redhat samba 3.5.4 PDC with openldap 2.4 as user/password backend. The ldap also contains the posix information for the users to login to some web/mail/etc. servers.

I'm faced with the task to implement a 'both worlds' compatible password sync process regarding complexity etc.

For the posix account password we use a web frontend, configured to use pam/cracklib checks, which works fine. E.g. 'hello' is NOT allowed as password :-)

Checking the password change from a windows 7 / XP notebook reveals that there is no such complexity check used. E.g. 'hello' IS allowed as a user's password. :-(

Password syncing (posix <-> windows) works. That means changing from the web or windows changes both ldap entries.

My question: can someone point me to some docs or can someone explain how I can use (the same/a) complexity check when changing passwords from windows?

Thanks a lot and best regards. Götz

--
Götz Reinicke
IT Coordinator
Tel. +49 7141 969 420
Fax +49 7141 969 55 420
E-Mail goetz.reinicke at filmakademie.de
Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de
Registered at Amtsgericht Stuttgart, HRB 205016
Chairman of the Supervisory Board: Jürgen Walter MdL, State Secretary in the Ministry of Science, Research and the Arts Baden-Württemberg
Managing Director: Prof. Thomas Schadt
Adam Tauno Williams
2012-Feb-02 15:08 UTC
[Samba] Samba, ldap, password complexity, cracklib - questions
On Thu, 2012-02-02 at 15:00 +0100, Götz Reinicke wrote:
> Hello,
>
> we run a Redhat samba 3.5.4 PDC with openldap 2.4 as
> user/password backend. The ldap also contains the posix information for
> the users to login to some web/mail/etc. servers.
>
> I'm faced with the task to implement a 'both worlds' compatible password
> sync process regarding complexity etc.
>
> For the posix account password we use a web frontend, configured to use
> pam/cracklib checks, which works fine. E.g. 'hello' is NOT allowed as
> password :-)
>
> Checking the password change from a windows 7 / XP notebook reveals
> that there is no such complexity check used. E.g. 'hello' IS allowed
> as a user's password. :-(
>
> Password syncing (posix <-> windows) works. That means changing from the
> web or windows changes both ldap entries.
> My question: can someone point me to some docs or can someone explain
> how I can use (the same/a) complexity check when changing passwords from
> windows?

check password script = /usr/local/sbin/crackcheck -c -s

Not sure where I got crackcheck from; it is a compiled binary.

--
System & Network Administrator [ LPI & NCLA ]
<http://www.whitemiceconsulting.com>
OpenGroupware Developer <http://www.opengroupware.us>
Adam Tauno Williams
Giles Coochey
2012-Feb-02 15:15 UTC
[Samba] Samba, ldap, password complexity, cracklib - questions
On 2012-02-02 15:08, Adam Tauno Williams wrote:
>
> check password script = /usr/local/sbin/crackcheck -c -s
>
> Not sure where I got crackcheck from; it is a compiled binary.
>

I think you got it from the samba tar ball:
https://lists.samba.org/archive/samba/2011-September/164089.html

--
Message sent via my webmail account.
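
Added example, not part of the thread and not the crackcheck program mentioned above: a minimal script that satisfies the `check password script` contract from smb.conf(5), where Samba writes the candidate password to the script's standard input and treats exit status 0 as "accept" and anything else as "reject". The `--stdin` flag, the policy values (8 characters, 3 of 4 character classes) and the opt-in `USE_CRACKLIB` switch are assumptions made for this example.

```sh
#!/bin/sh
# Added example of a Samba "check password script"; not the crackcheck binary.
# Contract per smb.conf(5): candidate password arrives on stdin,
# exit status 0 accepts it, any other status rejects the change.
LC_ALL=C; export LC_ALL          # make [a-z] etc. byte-exact ranges
MIN_LEN=${MIN_LEN:-8}            # assumed policy value
MIN_CLASSES=${MIN_CLASSES:-3}    # assumed policy value (out of 4 classes)

# check_password PW -> returns 0 if PW meets the policy, 1 otherwise.
check_password() {
    pw=$1
    [ "${#pw}" -ge "$MIN_LEN" ] || return 1
    classes=0
    case $pw in *[a-z]*) classes=$((classes + 1)) ;; esac
    case $pw in *[A-Z]*) classes=$((classes + 1)) ;; esac
    case $pw in *[0-9]*) classes=$((classes + 1)) ;; esac
    case $pw in *[!a-zA-Z0-9]*) classes=$((classes + 1)) ;; esac
    [ "$classes" -ge "$MIN_CLASSES" ] || return 1
    # Optional dictionary stage, opt-in with USE_CRACKLIB=1: cracklib-check
    # prints "<word>: OK" for a word it accepts.
    if [ "${USE_CRACKLIB:-0}" = 1 ] && command -v cracklib-check >/dev/null 2>&1; then
        verdict=$(printf '%s\n' "$pw" | cracklib-check 2>/dev/null)
        case $verdict in *": OK") ;; *) return 1 ;; esac
    fi
    return 0
}

# Entry point when Samba runs the script with the (hypothetical) --stdin flag.
# The password is never taken from argv, so it does not show up in ps output.
if [ "${1:-}" = "--stdin" ]; then
    IFS= read -r candidate || :  # read fails at EOF without a newline; value is kept
    check_password "$candidate"
    exit $?
fi
```

With these assumed defaults 'hello' is rejected on length alone, which matches what the pam/cracklib web frontend in the original question already enforces.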