similar to: Samba, ldap, password complexity, cracklib - questions

Hello, I would like to enforce some level of password complexity when users change their password. I have a Samba PDC running on Debian set to sync Unix passwords. I'm trying to get Samba to work with cracklib, but it isn't going well. Here is what I've tried: Installed libpam-cracklib, compiled examples/auth/crackcheck and copied the binary to /usr/local/sbin. I added the

Hi there, Here are the facts: - I have samba 3.4.2-0.42.fc11 running on a Fedora 11 system. - Samba is acting as a domain controller, no Windows server involved. - I am using tdbsam. - I need to enforce certain password requirements. The password requirements are: - min 8 characters - expiration 90 days - last 10 passwords may not be reused - not a dictionary word Per the Samba 3.2 FAQ, the

Hi Samba folks, I had a couple questions about password complexity checking. To preface, in smb.conf, we set: check password script = /usr/local/sbin/crackcheck -d /usr/share/cracklib/pw_dict Also, if I understand correctly: /usr/local/sbin/crackcheck comes from samba source rpm package. maybe we need to compile it ourselves. /usr/share/cracklib/pw_dict* comes from cracklib-dicts rpm

Hi all, can someone give a working example for checking the password complexity in samba? I have tried the next one 1. Download and extract samba-3.4.15.tar.zg. Go to samba-3.4.15/examples/auth/crackcheck and compile crackcheck 2. Copy crackcheck binary to the /usr/bin/ 3. Check that the program working correctly # /usr/bin/crackcheck -d /usr/share/cracklib/pw_dict 123 ERR - it is too short #

Hi, I'm looking for a procedure (on paper first) to provide users on hosts session keys to login to servers providing services like file, print or even access to internet or a sql db. The first step is that user has to authenticate on the local host via password. Paswword and usernames are centrally managed via ldap (or simular). The second step is that the user on host logs in to the CA

Hi, I've got samba3 on ubuntu 12 up and running with one exception. I try to get password complexity working to no avail. I understood I needed crackcheck, which in turn needed to be compiled. I downloaded the samba-doc package, and tried to compile crackcheck with a simple make, but all it returns is failure with the following error: crackcheck.c:6:19: fatal error: crack.h: No such file

I have Samba PDC with an LDAP backend. I just realized that the users can reset their passwords to anything, a single character a space. Is there anyway to prevent this?

Hello, I want to use crackcheck to check password complexity, but users (when password change failed because of complexity check fail) gets only information about valid password length, password history. I think that may be a problem for users. How can I (or Can I?) give them information about expected complexity. I'm almost sure that with NT PDC they would get information about

Hi people! I have a few problems with the password strength in Samba. I have a PDC with LDAP on Debian Stable, with a few packages from backports. The problem is that I can't find a way to enforce strenght to the passwords of the users. I can't define a policy to force things like: number of uppercase letters, number of downcase letters, number of numbers in the password, to check the

I'm testing Samba 3.0.3pre2 and am particularly interested in the new --with-cracklib support. I see the configuration directive to enable cracklib functionality in the changelog, but am curious if anyone has any additional documentation. The man pages, etc... appear not to be updated yet. Is there any mechanism for 'tweaking' the password strenth rules, as there is with

Hi! I've wrote to you on previous occasion but surprisingly nobody seems to have this problem, I don't know if it can be an error mine in the configuration files or if it's a problem in the Samba with cracklib, well I've installed samba 3.0.4 and put in the file /etc/pam.d/samba an entry to the cracklib library but smbd seems to do nothing with this line, I've devel

Package: logcheck-database Severity: wishlist Tags: patch Please consider applying the attached patch. Logcheck doesn't match lines like the following right now: ---- Jan 26 04:26:29 space-based cracklib: updated dictionary (read/written words: ). ---- /Armin -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'),

Hi! before nothing, sorry for my english, I hope you understand me. I've a problem with the new samba 3.0.4-1.12, before I had the version 3.0.2a with LDAP for administrate all the users and when a samba password expired I used the "use cracklib" parameter for force the user to insert a strong password, well now this parameter isn't avaliable and I believe that must make it

Hello All, Can anyone tell me where i can get a "starter" dictionary for crackcheck? i tried googling this but didn't find anything. tia

I've scoured the mailing list archives and the internet...has anyone actually figured out how to enforce strong passwords when using Samba and LDAP as a PDC? My users are allowed to change their Windows XP passwords, how do I enforce the use of strong passwords (either locally or globally)? -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan

Hi, We upgraded a legacy (NT4) domain from 3.6 series to 4.8 and then 4.9.4 samba version (using sernet subscription packages / debian stable) The setup is composed of 4 DCs with each 2 CPU/16GB RAM. We currently have ~700 user accounts / ~600 computers / ~150 groups Our mail setup, SSO, ... query the 4 DCs constantly. Every 5 to 10 days the RAM consumption and CPU usage (due to kswapd)

Hi all, I'm quite new to all this, so please go easy on me if I don't quite seem to say the right things. (any advice is good advice) I have a 3.0.14a-debian samba install, with ldap auth using pam_unix (see smb.conf below) We want to implement a few password checks for complexity, so I have written a pretty basic script (see below) which definitely exits 0 on a good password

I would like to understand how the "check password script" interacts with enabling/disabling password complexity checks. That is: if I configure     check password script = /usr/local/samba/sbin/crackcheck -d /var/cache/cracklib/cracklib_dict is this called *in addition* to the default complexity checking, or instead of it? And if I set     samba-tool domain passwordsettings set

maybe there is a bug regarding the use of nis to mount the user's home directory at the login or my misconfiguration. After the CentOS 6.4 (64bit) installation I checked for the latest samba version on the official repository using yum: the latest version (that was already installed) is samba- 3.6.9-151.el6. >From "man smb.conf" I have seen that "nis homedir" is not yet

Hi. I was wondering a couple things relating to PAM authentication: 1. I found that expired passwords caused authentication failure, rather than the expected behaviour of forcing a paswword change. After perusing the auth-pam.c file (as it appears in openssh-3.4p1), I found that the reason is that the case for the relevant return value (PAM_AUTHTOKEN_REQD) from pam_acct_mgmt is wrapped