search for: crackcheck

...d history" -C 10 # pdbedit -P "maximum password age" -C 90 These items appear to work with no difficulty. However this does not address the dictionary/complexity requirement. I have seen the following suggestion elsewhere on the samba list: check password script = /usr/local/sbin/crackcheck -d /var/cache/cracklib/cracklib_dict I am not able to use this suggestion directly. No file "crackcheck" is present on my system. There is a /usr/sbin/cracklib-check but it seems to work on a file or stream, like grep or something, as opposed to returning a value as a function. And i...

Hi, I've got samba3 on ubuntu 12 up and running with one exception. I try to get password complexity working to no avail. I understood I needed crackcheck, which in turn needed to be compiled. I downloaded the samba-doc package, and tried to compile crackcheck with a simple make, but all it returns is failure with the following error: crackcheck.c:6:19: fatal error: crack.h: No such file or directory I have gcc installed as well as libtool. Where...

Hello All, Can anyone tell me where i can get a "starter" dictionary for crackcheck? i tried googling this but didn't find anything. tia

Hi all, can someone give a working example for checking the password complexity in samba? I have tried the next one 1. Download and extract samba-3.4.15.tar.zg. Go to samba-3.4.15/examples/auth/crackcheck and compile crackcheck 2. Copy crackcheck binary to the /usr/bin/ 3. Check that the program working correctly # /usr/bin/crackcheck -d /usr/share/cracklib/pw_dict 123 ERR - it is too short # /usr/bin/crackcheck -d /usr/share/cracklib/pw_dict AV7OaV2BRr Looks good. 4. Add the following line to t...

Hi everyone, I am using crackcheck to enforce password complexity requirements on my PDC.? Windows obeys these password requirements, but the dialog box that pops up doesn't display the correct information.? This posting describes the same issue: http://lists.samba.org/archive/samba/2007-May/131795.html However, I'm no...

Hi Samba folks, I had a couple questions about password complexity checking. To preface, in smb.conf, we set: check password script = /usr/local/sbin/crackcheck -d /usr/share/cracklib/pw_dict Also, if I understand correctly: /usr/local/sbin/crackcheck comes from samba source rpm package. maybe we need to compile it ourselves. /usr/share/cracklib/pw_dict* comes from cracklib-dicts rpm package Here are my questions: 1) may we also specify -c along with...

...some level of password complexity when users change their password. I have a Samba PDC running on Debian set to sync Unix passwords. I'm trying to get Samba to work with cracklib, but it isn't going well. Here is what I've tried: Installed libpam-cracklib, compiled examples/auth/crackcheck and copied the binary to /usr/local/sbin. I added the following line to my smb.conf file: check password script = /usr/local/sbin/crackcheck Edited /etc/pam.d/common-password to look like this: password required pam_unix.so nullok obscure min=4 max=8 md5 password required pam_c...

I've scoured the mailing list archives and the internet...has anyone actually figured out how to enforce strong passwords when using Samba and LDAP as a PDC? My users are allowed to change their Windows XP passwords, how do I enforce the use of strong passwords (either locally or globally)? -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan

Hello, I want to use crackcheck to check password complexity, but users (when password change failed because of complexity check fail) gets only information about valid password length, password history. I think that may be a problem for users. How can I (or Can I?) give them information about expected complexity. I'm al...

Hallo, we run a Redhat samba 3.5.4 PDC with openldap 2.4 as user/passwordbackend. The ldap also contains the posix information for the users to login to some web/mail/etc. servers. I'm faced with the task to implement a 'both worlds' compatible paswword sync process regarding complexity etc. For the posix account password we use a webfrontend, configure to use pam/cracklib checks

I have Samba PDC with an LDAP backend. I just realized that the users can reset their passwords to anything, a single character a space. Is there anyway to prevent this?

...password sync = Yes passwd program = /usr/sbin/ldap_userPassword_change %u passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n *Result**Success**** # Settings to debug passwd chat #passwd chat debug = Yes #debug level = 103 #log level = passdb:5 # Crackcheck settings to allow NT style password complexity checks check password script = /sbin/crackcheck -c -d /usr/lib/cracklib_dict log level = 2 syslog = 0 log file = /var/log/samba/%m.log max log size = 100000 time server = Yes socket options = TCP_...

I'm setting up password complexity requirements on our Samba server, using the "check password script" option, the provided crackcheck.c program, and the "min password length" account policy. Everything works; however, the error message that a Windows client gets when a new password fails to pass crackcheck is not terribly helpful: "Your password must be at least 8 characters, cannot repeat any of your previous 0...

Hello, I want to use crackcheck to check password complexity, but users (when password change failed) gets only information about valid password length, password history. I think that may be a problem for users. How can I (or Can I?) give them information about expected complexity. Crackcheck exits with error -4, and writes inf...

...cript as stdin. I /dev/null any script output other than exits. Can anyone guide me to the right place? Cracklib.sh script; #!/bin/sh if [ `echo $1 | egrep -e '[A-Z]' | egrep -e '[a-z]' | egrep -e '[0-9]' 2> /dev/null` ]; then echo $1 | /sbin/crackcheck -d /var/cache/cracklib/cracklib_dict 2>& 1> /dev/null exit $? else if [[ `echo $1 | egrep -e '[@#$%^&+=:;!]' 2> /dev/null` && `echo $1 | egrep -e '[0-9]' 2> /dev/null` || `echo $1 | egrep -e '[@#$%^&+=:;!]' 2> /...

...domain logons = yes encrypt passwords = yes pam password change = yes passdb backend = ldapsam:"ldap://127.0.0.1 ldap://alem-ldap.jusbaires.gov.ar ldap://alem-systemlog.jusbaires.gov.ar" passwd chat debug = no check password script = /usr/local/bin/crackcheck -d /var/cache/cracklib/cracklib_dict unix charset = 850 dont descend = .recycle delete veto files = yes restrict anonymous = 1 #Profiles stuff logon script = netlogon.%U.bat logon path = \\PDC\profiles\%U logon home = \\PDC\personal...

...Yes domain master = Yes os level = 65 preferred master = Yes wins support = yes encrypt passwords = Yes # unix password sync = Yes passwd program = /usr/sbin/ldap_userPassword_change %u passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n *Result**Success**** # Crackcheck settings to allow NT style password complexity checks check password script = /sbin/crackcheck -c -d /usr/lib/cracklib_dict passdb backend = ldapsam:"ldap://ldap-1 ldap://ldap-2" ldap admin dn = cn=Manager,dc=example,dc=org ldap suffix = dc=dc=example,dc=org ldap group suff...

...msdpl,dc=com ldap group suffix = ou=Groups ldap user suffix = ou=People ldap machine suffix = ou=Computers ldap idmap suffix = ou=Idmap ldap timeout = 50 idmap backend = ldap:ldap://mydomain.com idmap uid = 10000-20000 idmap gid = 10000-20000 check password script = /usr/local/bin/crackcheck -s map acl inherit = yes winbind use default domain = yes template shell = /bin/false # Un-comment the following and create the netlogon directory for Domain Logons [netlogon] comment = Network Logon Service path = /usr/local/samba-3c/lib/netlogon/scripts guest ok = yes browseab...

...        dns forwarder = 192.168.0.20 192.168.100.20 192.168.0.21 192.168.100.21         server role check:inhibit=yes         ldap server require strong auth = no         wins support = yes         server role = active directory domain controller         check password script = /usr/local/bin/crackcheck -c -d /var/cache/cracklib/cracklib_dict         idmap_ldb:use rfc2307 = yes         server schannel = auto [netlogon]         path = /var/lib/samba/sysvol/corp.lncsa.com/scripts         read only = No [sysvol]         path = /var/lib/samba/sysvol         read only = No # du -shxc sam.ldb*...

I would like to understand how the "check password script" interacts with enabling/disabling password complexity checks. That is: if I configure     check password script = /usr/local/samba/sbin/crackcheck -d /var/cache/cracklib/cracklib_dict is this called *in addition* to the default complexity checking, or instead of it? And if I set     samba-tool domain passwordsettings set --complexity=off with a check password script configured, does this setting disable the check password script as wel...