Carlos Alberto Panozzo Cunha
2022-May-19 11:57 UTC
[Samba] Restrict certain words in passwords
Hi! Sorry, I couldn't understand what you meant, could you explain again? :-D Regards; Em ter., 17 de mai. de 2022 ?s 18:12, Andrew Bartlett <abartlet at samba.org> escreveu:> On Tue, 2022-05-17 at 16:25 -0300, Carlos via samba wrote: > > Hi. I wonder, if is possivel restrict certain words in password of > > users > > ? To dont permissionded user for exemple set "XXXX" in your > > password, > > with "XXX1" or "XXX@" or "123XXX"... > > See 'check password script'. Some have set this up to check against > the master list of known public passwords from haveibeenpwned for > example. Be aware that this overrides the other complexity checks (to > allow you to do that, if you need, eg to allow a passphrase). > > Andrew Bartlett > > -- > Andrew Bartlett (he/him) https://samba.org/~abartlet/ > Samba Team Member (since 2001) https://samba.org > Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba > > Samba Development and Support, Catalyst IT - Expert Open Source > Solutions > >
On Thu, 2022-05-19 at 08:57 -0300, Carlos Alberto Panozzo Cunha via samba wrote:> Hi! > > Sorry, I couldn't understand what you meant, could you explain again? > :-D >Andrew was referring to a parameter in smb.conf 'check password script', read 'man smb.conf' for more information. Rowland
On Thu, May 19, 2022 at 7:59 AM Carlos Alberto Panozzo Cunha via samba <samba at lists.samba.org> wrote:> > Hi! > > Sorry, I couldn't understand what you meant, could you explain again? :-D > > Regards; > > > Em ter., 17 de mai. de 2022 ?s 18:12, Andrew Bartlett <abartlet at samba.org> > escreveu: > > > On Tue, 2022-05-17 at 16:25 -0300, Carlos via samba wrote: > > > Hi. I wonder, if is possivel restrict certain words in password of > > > users > > > ? To dont permissionded user for exemple set "XXXX" in your > > > password, > > > with "XXX1" or "XXX@" or "123XXX"... > > > > See 'check password script'. Some have set this up to check against > > the master list of known public passwords from haveibeenpwned for > > example. Be aware that this overrides the other complexity checks (to > > allow you to do that, if you need, eg to allow a passphrase). > > > > Andrew BartlettCarlos, See this recent conversation: https://lists.samba.org/archive/samba/2022-April/240363.html However, there was some doubt as to whether or not it always works. I haven't had time to troubleshoot this. Jonathon