search for: cracklib_dict

...ript output other than exits. Can anyone guide me to the right place? Cracklib.sh script; #!/bin/sh if [ `echo $1 | egrep -e '[A-Z]' | egrep -e '[a-z]' | egrep -e '[0-9]' 2> /dev/null` ]; then echo $1 | /sbin/crackcheck -d /var/cache/cracklib/cracklib_dict 2>& 1> /dev/null exit $? else if [[ `echo $1 | egrep -e '[@#$%^&+=:;!]' 2> /dev/null` && `echo $1 | egrep -e '[0-9]' 2> /dev/null` || `echo $1 | egrep -e '[@#$%^&+=:;!]' 2> /dev/null` && `echo $1 | egrep...

...passwords = yes pam password change = yes passdb backend = ldapsam:"ldap://127.0.0.1 ldap://alem-ldap.jusbaires.gov.ar ldap://alem-systemlog.jusbaires.gov.ar" passwd chat debug = no check password script = /usr/local/bin/crackcheck -d /var/cache/cracklib/cracklib_dict unix charset = 850 dont descend = .recycle delete veto files = yes restrict anonymous = 1 #Profiles stuff logon script = netlogon.%U.bat logon path = \\PDC\profiles\%U logon home = \\PDC\personal logon drive = H: hide files =...

..."maximum password age" -C 90 These items appear to work with no difficulty. However this does not address the dictionary/complexity requirement. I have seen the following suggestion elsewhere on the samba list: check password script = /usr/local/sbin/crackcheck -d /var/cache/cracklib/cracklib_dict I am not able to use this suggestion directly. No file "crackcheck" is present on my system. There is a /usr/sbin/cracklib-check but it seems to work on a file or stream, like grep or something, as opposed to returning a value as a function. And it does not seem to accept a "-d&q...

...-enter*new*password* %n\n *Result**Success**** # Settings to debug passwd chat #passwd chat debug = Yes #debug level = 103 #log level = passdb:5 # Crackcheck settings to allow NT style password complexity checks check password script = /sbin/crackcheck -c -d /usr/lib/cracklib_dict log level = 2 syslog = 0 log file = /var/log/samba/%m.log max log size = 100000 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 #...

...92.168.100.20 192.168.0.21 192.168.100.21         server role check:inhibit=yes         ldap server require strong auth = no         wins support = yes         server role = active directory domain controller         check password script = /usr/local/bin/crackcheck -c -d /var/cache/cracklib/cracklib_dict         idmap_ldb:use rfc2307 = yes         server schannel = auto [netlogon]         path = /var/lib/samba/sysvol/corp.lncsa.com/scripts         read only = No [sysvol]         path = /var/lib/samba/sysvol         read only = No # du -shxc sam.ldb* 4.1M    sam.ldb 132M    sam.ldb.d 136M  ...

...unix password sync = Yes passwd program = /usr/sbin/ldap_userPassword_change %u passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n *Result**Success**** # Crackcheck settings to allow NT style password complexity checks check password script = /sbin/crackcheck -c -d /usr/lib/cracklib_dict passdb backend = ldapsam:"ldap://ldap-1 ldap://ldap-2" ldap admin dn = cn=Manager,dc=example,dc=org ldap suffix = dc=dc=example,dc=org ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Idmap idmap ba...

I would like to understand how the "check password script" interacts with enabling/disabling password complexity checks. That is: if I configure     check password script = /usr/local/samba/sbin/crackcheck -d /var/cache/cracklib/cracklib_dict is this called *in addition* to the default complexity checking, or instead of it? And if I set     samba-tool domain passwordsettings set --complexity=off with a check password script configured, does this setting disable the check password script as well, or just the built-in complexity che...

I've scoured the mailing list archives and the internet...has anyone actually figured out how to enforce strong passwords when using Samba and LDAP as a PDC? My users are allowed to change their Windows XP passwords, how do I enforce the use of strong passwords (either locally or globally)? -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan

Hello, I would like to enforce some level of password complexity when users change their password. I have a Samba PDC running on Debian set to sync Unix passwords. I'm trying to get Samba to work with cracklib, but it isn't going well. Here is what I've tried: Installed libpam-cracklib, compiled examples/auth/crackcheck and copied the binary to /usr/local/sbin. I added the

...n/passwd %u smb ports = 139 strict locking = no lock spin time = 15 lock spin count = 30 veto oplock files = /*.mdb/*.MDB/*.xls/*.XLS/*eudora*/ write cache size = 262144 passwd chat = *new*password* %n\n*new*password* %n\n *changed* check password script = /usr/bin/crackcheck -c -d /usr/lib/cracklib_dict Any ideas? Any help would be appreciated. -- Best regards, L. Fred Nuffer Support Systems Analyst, Senior Parking and Transportation Services Email: fnuffer@email.arizona.edu

...2.168.100.21 >         server role check:inhibit=yes >         ldap server require strong auth = no >         wins support = yes >         server role = active directory domain controller >         check password script = /usr/local/bin/crackcheck -c -d > /var/cache/cracklib/cracklib_dict >         idmap_ldb:use rfc2307 = yes >         server schannel = auto > > [netlogon] >         path = /var/lib/samba/sysvol/corp.lncsa.com/scripts >         read only = No > > [sysvol] >         path = /var/lib/samba/sysvol >         read only = No > >...

...gt; 192.168.100.21 > server role check:inhibit=yes > ldap server require strong auth = no > wins support = yes > server role = active directory domain controller > check password script = /usr/local/bin/crackcheck -c -d > /var/cache/cracklib/cracklib_dict > idmap_ldb:use rfc2307 = yes > server schannel = auto > > [netlogon] > path = /var/lib/samba/sysvol/corp.lncsa.com/scripts > read only = No > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > > # du -shx...

...LW-I/Dokumente# Here is my SHORT smb.conf : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [global] workgroup = ZKS server string = obey pam restrictions = Yes passdb backend = ldapsam:"ldap://zksfs.somedomain.de" check password script = /sbin/crackcheck -c -d /var/cache/cracklib/cracklib_dict log level = 0 auth:3 syslog = 1000 syslog only = Yes log file = /var/log/samba/samba.log max log size = 10000 debug pid = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 show add printer wizard = No add machine script = /usr/sbin/smbldap-useradd -t...

...roup ldap machine suffix = ou=computers idmap backend = ldap:ldap://127.0.0.1/ ldap idmap suffix = ou=idMap idmap uid = 40000-50000 idmap gid = 40000-50000 ldap passwd sync = yes check password script = /sbin/crackcheck -c -d /usr/lib64/cracklib_dict MEMBER SERVER Samba 4.1.12 /.14 / 4.5.0 [global] workgroup = DOMAIN realm = DOMAIN #netbios name = %h server string = Samba Server Version %v #security = user security = domain server role = member server ntlm auth = No log file = /var/log/samba/log.%m max log size = 50 idmap config * : backend...

...rfaces = bond0 passdb backend = ldapsam:"ldaps://pri-ldap:636" passwd program = /usr/sbin/ldap_userPassword_change %u passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n *Result**Success**** check password script = /sbin/crackcheck -c -d /usr/lib/cracklib_dict unix password sync = Yes lanman auth = No ntlm auth = No client NTLMv2 auth = Yes client lanman auth = No client plaintext auth = No log level = 2 syslog = 0 log file = /var/log/samba/%m.log max log size = 100000...

...p = /etc/samba/smbusers wins support = yes #=========Security====================== encrypt passwords = yes pam password change = yes name resolve order = wins bcast hosts winbind nested groups = no # obey pam restrictions = yes # check password script = /usr/local/sbin/crackcheck -d /usr/lib/cracklib_dict #---------------LDAP---------------- passdb backend = ldapsam:ldap://127.0.0.1/ ldap passwd sync = Yes ldap suffix = dc=mydomain,dc=com ldap admin dn = cn=Manager,dc=mydomain,dc=com ldap ssl = no ldap group suffix = ou=Groups ldap user suffix = ou=People ldap machine suffix = ou=People lda...

...ebug = No passwd program = /usr/sbin/smbldap-passwd -u %u passwd chat = "Changing UNIX password for*\nNew password*" %n\n "*Retype new password*" %n\n" passwd chat timeout = 2 check password script = /usr/sbin/crackcheck -c -d /usr/lib/cracklib_dict username map = password level = 0 username level = 0 unix password sync = Yes ntlm auth = Yes restrict anonymous = Yes lanman auth = No ;ntlm auth = No client NTLMv2 auth = Yes client lanman auth = No...

...t passwords = true >> password server = sam3dc > What sould be the benefit ??? > At first you setup this host as a PDC and then you delegate > to an other password server? > >> check password script = /usr/local/sbin/crackcheck -d >> /var/cache/cracklib/cracklib_dict >> >> unix password sync = No > You should add: > ldap passwd sync = yes > pam password change = yes > to sync windows and unix passwords. > >> log level = 10 auth:5 > tooooooooooooo high > log level = 1 auth:5 > ma...

...suffix = ou=computers > idmap backend = ldap:ldap://127.0.0.1/ > ldap idmap suffix = ou=idMap > idmap uid = 40000-50000 > idmap gid = 40000-50000 > ldap passwd sync = yes > check password script = /sbin/crackcheck -c -d /usr/lib64/cracklib_dict > > > MEMBER SERVER > Samba 4.1.12 /.14 / 4.5.0 > > [global] > > workgroup = DOMAIN > realm = DOMAIN > #netbios name = %h > server string = Samba Server Version %v > #security = user > security = domain > server role = member server > ntlm auth = No >...

...= no > > encrypt passwords = true > password server = sam3dc What sould be the benefit ??? At first you setup this host as a PDC and then you delegate to an other password server? > check password script = /usr/local/sbin/crackcheck -d > /var/cache/cracklib/cracklib_dict > > unix password sync = No You should add: ldap passwd sync = yes pam password change = yes to sync windows and unix passwords. > log level = 10 auth:5 tooooooooooooo high log level = 1 auth:5 makes more sense > syslog = 0 >...