similar to: Samba/Cracklib Documentation?

I have a member server that is constantly querying the LDAP server with - (&(objectClass=sambaDomain)(sambaDomainName=SARDINE)) - when security=domain and workgroup=backbone. The server DOES authenticate domain users, and everything seems to work, but this draining resources. This is RH9, Samba 3.0.3pre2 (although I'm pretty certain I saw this on 3.0.2) and OpenLDAP openldap-2.1.25-1

Hallo, we run a Redhat samba 3.5.4 PDC with openldap 2.4 as user/passwordbackend. The ldap also contains the posix information for the users to login to some web/mail/etc. servers. I'm faced with the task to implement a 'both worlds' compatible paswword sync process regarding complexity etc. For the posix account password we use a webfrontend, configure to use pam/cracklib checks

Hello, I would like to enforce some level of password complexity when users change their password. I have a Samba PDC running on Debian set to sync Unix passwords. I'm trying to get Samba to work with cracklib, but it isn't going well. Here is what I've tried: Installed libpam-cracklib, compiled examples/auth/crackcheck and copied the binary to /usr/local/sbin. I added the

My PDC is a Samba-3.0.3pre2/LDAPSAM/Redhat box. I'd like to restrict logon access to a specific workstation to members of a given group. My initial throught was to specify a "valid users=@group" in the globals section of an included file (smb.conf.%m kind of thing). Only this doesn't seem to do anything; valid users is a share only directive? Is there anyway to limit logon

Hi! I've wrote to you on previous occasion but surprisingly nobody seems to have this problem, I don't know if it can be an error mine in the configuration files or if it's a problem in the Samba with cracklib, well I've installed samba 3.0.4 and put in the file /etc/pam.d/samba an entry to the cracklib library but smbd seems to do nothing with this line, I've devel

Hi! before nothing, sorry for my english, I hope you understand me. I've a problem with the new samba 3.0.4-1.12, before I had the version 3.0.2a with LDAP for administrate all the users and when a samba password expired I used the "use cracklib" parameter for force the user to insert a strong password, well now this parameter isn't avaliable and I believe that must make it

Package: logcheck-database Severity: wishlist Tags: patch Please consider applying the attached patch. Logcheck doesn't match lines like the following right now: ---- Jan 26 04:26:29 space-based cracklib: updated dictionary (read/written words: ). ---- /Armin -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'),

Is there anyway to expire password for windows clients with a Samba (in my case recent alpha version)? I found a post the TNG parameter "password expire time = 10" but a "strings smbd | grep expire" didn't turn in up in the binary. Anyone have any ideas if this is possble (I see it posted frequently to the archives, but no answers). Systems and Network Administrator

Hi there, Here are the facts: - I have samba 3.4.2-0.42.fc11 running on a Fedora 11 system. - Samba is acting as a domain controller, no Windows server involved. - I am using tdbsam. - I need to enforce certain password requirements. The password requirements are: - min 8 characters - expiration 90 days - last 10 passwords may not be reused - not a dictionary word Per the Samba 3.2 FAQ, the

Hi Samba folks, I had a couple questions about password complexity checking. To preface, in smb.conf, we set: check password script = /usr/local/sbin/crackcheck -d /usr/share/cracklib/pw_dict Also, if I understand correctly: /usr/local/sbin/crackcheck comes from samba source rpm package. maybe we need to compile it ourselves. /usr/share/cracklib/pw_dict* comes from cracklib-dicts rpm

openldap-2.3.27-8.el5_2.4,samba3-3.2.8-38 An smbpasswd by root to change a user's password fails with: [root@littleboy samba]# smbpasswd adam New SMB password: Retype new SMB password: ldapsam_modify_entry: LDAP Password could not be changed for user adam: Internal (implementation specific) error password hash failed Failed to modify entry for user adam. Failed to modify password entry for

I use log.%M to get per client logs. This works but I always end up with - [root@littleboy root]# cd /var/log/samba [root@littleboy samba]# ls -l log.pc01699 -rw-r--r-- 1 root root 2642617 Nov 12 07:30 log.pc01699 [root@littleboy samba]# host pc01699 pc01699.morrison.iserv.net has address 192.168.19.191 [root@littleboy samba]# host 192.168.19.191 191.19.168.192.in-addr.arpa domain

This seems to be common thread on the list, but I'm pulling my hair out and have to ask.. I've been following a couple of guides and using AD to authenticate users on my linux system. These include the ubuntu guide -- https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto - https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member -

I have a situation where I want to do some authentication via ntlm_auth on my DC. I've tested this on my test box (a domain member) and it works perfectly. On domain member - tor:~ # /usr/bin/ntlm_auth --username=adam --domain=BACKBONE --password=******** NT_STATUS_OK: Success (0x0) On domain controller - littleboy:~ # /usr/bin/ntlm_auth --username=adam --domain=BACKBONE

I also sorted the list. Between libguestfs 1.28 and 1.30, the appliance grew from 95MB to 213MB. Using guestmount and filelight (see link below) I could see that the main contributor was these two directories, which should not be necessary. With this change, the size goes down to 119MB. See also: https://rwmj.wordpress.com/2015/07/23/why-has-the-libguestfs-appliance-grown-by-118-mb/ ---

I would like to bump my question 2015-05-27 10:21 GMT+03:00 Krutskikh Ivan <stein.hak at gmail.com>: > Hmm, looks like it's not. I've just set the password for something that > cracklib-check would argue using both ad management tools and at windows > login. Should it work that way or I'm missing something? > > My dc's smb.conf: > > [global] >

Hi all, can someone give a working example for checking the password complexity in samba? I have tried the next one 1. Download and extract samba-3.4.15.tar.zg. Go to samba-3.4.15/examples/auth/crackcheck and compile crackcheck 2. Copy crackcheck binary to the /usr/bin/ 3. Check that the program working correctly # /usr/bin/crackcheck -d /usr/share/cracklib/pw_dict 123 ERR - it is too short #

Hi ! I'still running a samba domain controller on a rhel 5 machine, so it is version samba-3.0.33-3.7.el5. Users and accounts are still stored in a ldap database and everything works fine. Now that my setup is complete, I'd like to - force every user of the domain to change their password the next time they open a session on their workstation - be sure that the password is complex

On Mon, 19 Sep 2016 10:50:25 -0400 Adam Tauno Williams via samba <samba at lists.samba.org> wrote: > On Mon, 2016-09-19 at 10:45 -0400, Adam Tauno Williams via samba > wrote: > > Since upgrading S4 DCs I am see the following message in log.samba - > > The message "Unable to fetch value for secret BCKUPKEY_13bb48fc-0844 > > -4736-9972-e26453333856, are we an

I know, but I want to say that samba manage machine group same as a other group, not for Domain Users and Domain Admin group. You can create a group for machine account but, I think that actually is not very important for samba domain. I can be mistaken. ----------------------------------- St?phane PURNELLE stephane.purnelle@corman.be Service Informatique Corman