samba - Apr 2022 - Password Filtering

On Thu, Apr 7, 2022 at 10:17 AM Jonathon Reinhart
<jonathon.reinhart at gmail.com> wrote:
> I think you're looking for the "check password script" option
in smb.conf:
> https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html#idm1543
>
> Here's the "crackcheck" sample program to which the
documentation refers:
> https://gitlab.com/samba-team/samba/-/tree/master/examples/auth/crackcheck
>
> Here's a project of mine that checks samba passwords against the
"Have
> I been Pwned" database (offline):
> https://gitlab.com/JonathonReinhart/passhashdb#use-with-samba
Morning Jonathon,

This is exactly what I was looking for. Much appreciated!


Regards,
Ralph

On Fri, Apr 8, 2022 at 11:08 AM ralph strebbing
<blackbirdralph at gmail.com> wrote:
> On Thu, Apr 7, 2022 at 10:17 AM Jonathon Reinhart
> <jonathon.reinhart at gmail.com> wrote:
> > I think you're looking for the "check password script"
option in smb.conf:
> >
https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html#idm1543
> >
> > Here's the "crackcheck" sample program to which the
documentation refers:
> >
https://gitlab.com/samba-team/samba/-/tree/master/examples/auth/crackcheck
> >
> > Here's a project of mine that checks samba passwords against the
"Have
> > I been Pwned" database (offline):
> > https://gitlab.com/JonathonReinhart/passhashdb#use-with-samba
Circling back to this discussion now that we've started testing. So
changing the password via the samba-tool password method is invoking
the custom complexity script correctly!
However, it seems that changing the password through windows isn't
invoking the script at all. Any ideas on how to achieve this? Or do we
need to just disable users from being able to change their passwords
to disable that functionality?

Regards,
Ralph