similar to: samba password complexity help?

Hi Samba folks, I had a couple questions about password complexity checking. To preface, in smb.conf, we set: check password script = /usr/local/sbin/crackcheck -d /usr/share/cracklib/pw_dict Also, if I understand correctly: /usr/local/sbin/crackcheck comes from samba source rpm package. maybe we need to compile it ourselves. /usr/share/cracklib/pw_dict* comes from cracklib-dicts rpm

Hi all, can someone give a working example for checking the password complexity in samba? I have tried the next one 1. Download and extract samba-3.4.15.tar.zg. Go to samba-3.4.15/examples/auth/crackcheck and compile crackcheck 2. Copy crackcheck binary to the /usr/bin/ 3. Check that the program working correctly # /usr/bin/crackcheck -d /usr/share/cracklib/pw_dict 123 ERR - it is too short #

Hello, I would like to enforce some level of password complexity when users change their password. I have a Samba PDC running on Debian set to sync Unix passwords. I'm trying to get Samba to work with cracklib, but it isn't going well. Here is what I've tried: Installed libpam-cracklib, compiled examples/auth/crackcheck and copied the binary to /usr/local/sbin. I added the

Hallo, we run a Redhat samba 3.5.4 PDC with openldap 2.4 as user/passwordbackend. The ldap also contains the posix information for the users to login to some web/mail/etc. servers. I'm faced with the task to implement a 'both worlds' compatible paswword sync process regarding complexity etc. For the posix account password we use a webfrontend, configure to use pam/cracklib checks

maybe there is a bug regarding the use of nis to mount the user's home directory at the login or my misconfiguration. After the CentOS 6.4 (64bit) installation I checked for the latest samba version on the official repository using yum: the latest version (that was already installed) is samba- 3.6.9-151.el6. >From "man smb.conf" I have seen that "nis homedir" is not yet

Hi there, I switched servers yesterday. The old server was running 2.2.7a-1 on RedHat 8.0. The new server is 3.0.8-0.pre1.3 on Fedora Core 3. I did the migration by copying the following: /etc/passwd /etc/group /etc/shadow /etc/samba/* I then copied /home and fixed all the permissions on stuff. I then started up samba on the new server, and unplugged the old one. Most everything went

I have Samba PDC with an LDAP backend. I just realized that the users can reset their passwords to anything, a single character a space. Is there anyway to prevent this?

Hi, I've got samba3 on ubuntu 12 up and running with one exception. I try to get password complexity working to no avail. I understood I needed crackcheck, which in turn needed to be compiled. I downloaded the samba-doc package, and tried to compile crackcheck with a simple make, but all it returns is failure with the following error: crackcheck.c:6:19: fatal error: crack.h: No such file

I am yet another person who is having a problem with Win98 clients needing to make several attempts before successfully logging in to our Samba box. I get the "broken pipe" message in the smb.log just like everyone else. This did not seem to be a problem until we got a phat broadband connection. All the Windows boxes are set to point to our ISP's DNS. I am not running DNS on the

Nothing fancy, and I've done this before... but today I'm trying to get samba 3.10.5 with tdbsam working on Centos 6.3. iptables is stopped on the samba server. selinux is disabled on the samba server. service smb and nmb are running. samba server has an 'a' record on our dns server. samba server is set to be a wins server. Note- I have ANOTHER wins server on the same subnet for

Hi people! I have a few problems with the password strength in Samba. I have a PDC with LDAP on Debian Stable, with a few packages from backports. The problem is that I can't find a way to enforce strenght to the passwords of the users. I can't define a policy to force things like: number of uppercase letters, number of downcase letters, number of numbers in the password, to check the

Well, I've asked a couple times already but I will ask one more, since I still havent' managed to get any further. We have several sites. Each site has it's own network and domain. We are connected via a WAN. Is the best practice to have one WINS server for each site? Or is a single WINS server for the WAN the way to go? Right now I have a single WINS server for the WAN. I CAN NOT

I'm testing Samba 3.0.3pre2 and am particularly interested in the new --with-cracklib support. I see the configuration directive to enable cracklib functionality in the changelog, but am curious if anyone has any additional documentation. The man pages, etc... appear not to be updated yet. Is there any mechanism for 'tweaking' the password strenth rules, as there is with

Hi all, I'm quite new to all this, so please go easy on me if I don't quite seem to say the right things. (any advice is good advice) I have a 3.0.14a-debian samba install, with ldap auth using pam_unix (see smb.conf below) We want to implement a few password checks for complexity, so I have written a pretty basic script (see below) which definitely exits 0 on a good password

Hi, We upgraded a legacy (NT4) domain from 3.6 series to 4.8 and then 4.9.4 samba version (using sernet subscription packages / debian stable) The setup is composed of 4 DCs with each 2 CPU/16GB RAM. We currently have ~700 user accounts / ~600 computers / ~150 groups Our mail setup, SSO, ... query the 4 DCs constantly. Every 5 to 10 days the RAM consumption and CPU usage (due to kswapd)

Hi folks, I am having a weird problem that I just recently noticed on this particular server runnng Samba 3.0.10 on Fedora Core 3 and am hoping someone could shed some light on this. We're using tdb for our backend database. The user "nsu" is a member of unix group admin. The unix group admin is mapped to "Domain Adminstrators". This works OK, in that when logging in

I also sorted the list. Between libguestfs 1.28 and 1.30, the appliance grew from 95MB to 213MB. Using guestmount and filelight (see link below) I could see that the main contributor was these two directories, which should not be necessary. With this change, the size goes down to 119MB. See also: https://rwmj.wordpress.com/2015/07/23/why-has-the-libguestfs-appliance-grown-by-118-mb/ ---

I would like to bump my question 2015-05-27 10:21 GMT+03:00 Krutskikh Ivan <stein.hak at gmail.com>: > Hmm, looks like it's not. I've just set the password for something that > cracklib-check would argue using both ad management tools and at windows > login. Should it work that way or I'm missing something? > > My dc's smb.conf: > > [global] >

Hi ! I'still running a samba domain controller on a rhel 5 machine, so it is version samba-3.0.33-3.7.el5. Users and accounts are still stored in a ldap database and everything works fine. Now that my setup is complete, I'd like to - force every user of the domain to change their password the next time they open a session on their workstation - be sure that the password is complex

I would like to understand how the "check password script" interacts with enabling/disabling password complexity checks. That is: if I configure     check password script = /usr/local/samba/sbin/crackcheck -d /var/cache/cracklib/cracklib_dict is this called *in addition* to the default complexity checking, or instead of it? And if I set     samba-tool domain passwordsettings set