similar to: enforcing password compexity (check password script, cracklib)

Hi there, Here are the facts: - I have samba 3.4.2-0.42.fc11 running on a Fedora 11 system. - Samba is acting as a domain controller, no Windows server involved. - I am using tdbsam. - I need to enforce certain password requirements. The password requirements are: - min 8 characters - expiration 90 days - last 10 passwords may not be reused - not a dictionary word Per the Samba 3.2 FAQ, the

Hi Samba folks, I had a couple questions about password complexity checking. To preface, in smb.conf, we set: check password script = /usr/local/sbin/crackcheck -d /usr/share/cracklib/pw_dict Also, if I understand correctly: /usr/local/sbin/crackcheck comes from samba source rpm package. maybe we need to compile it ourselves. /usr/share/cracklib/pw_dict* comes from cracklib-dicts rpm

Hallo, we run a Redhat samba 3.5.4 PDC with openldap 2.4 as user/passwordbackend. The ldap also contains the posix information for the users to login to some web/mail/etc. servers. I'm faced with the task to implement a 'both worlds' compatible paswword sync process regarding complexity etc. For the posix account password we use a webfrontend, configure to use pam/cracklib checks

Hi all, can someone give a working example for checking the password complexity in samba? I have tried the next one 1. Download and extract samba-3.4.15.tar.zg. Go to samba-3.4.15/examples/auth/crackcheck and compile crackcheck 2. Copy crackcheck binary to the /usr/bin/ 3. Check that the program working correctly # /usr/bin/crackcheck -d /usr/share/cracklib/pw_dict 123 ERR - it is too short #

Hi people! I have a few problems with the password strength in Samba. I have a PDC with LDAP on Debian Stable, with a few packages from backports. The problem is that I can't find a way to enforce strenght to the passwords of the users. I can't define a policy to force things like: number of uppercase letters, number of downcase letters, number of numbers in the password, to check the

Hi, I've got samba3 on ubuntu 12 up and running with one exception. I try to get password complexity working to no avail. I understood I needed crackcheck, which in turn needed to be compiled. I downloaded the samba-doc package, and tried to compile crackcheck with a simple make, but all it returns is failure with the following error: crackcheck.c:6:19: fatal error: crack.h: No such file

I'm testing Samba 3.0.3pre2 and am particularly interested in the new --with-cracklib support. I see the configuration directive to enable cracklib functionality in the changelog, but am curious if anyone has any additional documentation. The man pages, etc... appear not to be updated yet. Is there any mechanism for 'tweaking' the password strenth rules, as there is with

I have Samba PDC with an LDAP backend. I just realized that the users can reset their passwords to anything, a single character a space. Is there anyway to prevent this?

Hi, We upgraded a legacy (NT4) domain from 3.6 series to 4.8 and then 4.9.4 samba version (using sernet subscription packages / debian stable) The setup is composed of 4 DCs with each 2 CPU/16GB RAM. We currently have ~700 user accounts / ~600 computers / ~150 groups Our mail setup, SSO, ... query the 4 DCs constantly. Every 5 to 10 days the RAM consumption and CPU usage (due to kswapd)

Hi all, I'm quite new to all this, so please go easy on me if I don't quite seem to say the right things. (any advice is good advice) I have a 3.0.14a-debian samba install, with ldap auth using pam_unix (see smb.conf below) We want to implement a few password checks for complexity, so I have written a pretty basic script (see below) which definitely exits 0 on a good password

Hello all, Can anyone please help out with configuring PAM? I've checked a couple of tutorials online.. though most of them are related to Login though I want to set PAM up for SSH logins... I've set the max erroneous logins to just THREE and even after trying to login with an error pass I still can get in... also is there a way I could enable the PAM module which uses crack library to

Package: logcheck-database Severity: wishlist Tags: patch Please consider applying the attached patch. Logcheck doesn't match lines like the following right now: ---- Jan 26 04:26:29 space-based cracklib: updated dictionary (read/written words: ). ---- /Armin -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'),

CentOS-6.6 Is there any command line program that determines and reports what pam_cracklib.so returns for a given password; subject to variation in the command line options and values provided? For example, assuming a cli driver program called cli_driver_pgm: cli_driver_pgm pam_cracklib.so difok=8 minlen=14 dcredit=3 ucredit=3 lcredit=3 ocredit=3 minclass=2 maxrepeat=3 maxsequence=3

I've scoured the mailing list archives and the internet...has anyone actually figured out how to enforce strong passwords when using Samba and LDAP as a PDC? My users are allowed to change their Windows XP passwords, how do I enforce the use of strong passwords (either locally or globally)? -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan

Hi! I've wrote to you on previous occasion but surprisingly nobody seems to have this problem, I don't know if it can be an error mine in the configuration files or if it's a problem in the Samba with cracklib, well I've installed samba 3.0.4 and put in the file /etc/pam.d/samba an entry to the cracklib library but smbd seems to do nothing with this line, I've devel

maybe there is a bug regarding the use of nis to mount the user's home directory at the login or my misconfiguration. After the CentOS 6.4 (64bit) installation I checked for the latest samba version on the official repository using yum: the latest version (that was already installed) is samba- 3.6.9-151.el6. >From "man smb.conf" I have seen that "nis homedir" is not yet

I'm trying to join a Windows PC to a domain. I've got a root user set-up to add machines to the domain. When prompted by windows, I enter in root and the password. But I get a windows error dialog, indicating a user was not found. However, in the samba log file for the machine I'm trying to connect to the domain, I can see that the root user was found in ldap, however, for some

Hi! before nothing, sorry for my english, I hope you understand me. I've a problem with the new samba 3.0.4-1.12, before I had the version 3.0.2a with LDAP for administrate all the users and when a samba password expired I used the "use cracklib" parameter for force the user to insert a strong password, well now this parameter isn't avaliable and I believe that must make it

hai, im still on holiday but i did see some things a bit, also in addition about the smb.conf in classic mode dns forwarder is predecated, so i suggest avoiding the option. this part, you set ssl off but also set the ports to the ssl ports. ldap ssl = off ldap passwd sync = yes /etc/ldap/ldap.conf BASE dc=mydomain URI ldap://sam3dc.mydomain ldap://sam3dc.mydomain:666 use URI

Hello All, Can anyone tell me where i can get a "starter" dictionary for crackcheck? i tried googling this but didn't find anything. tia