similar to: questions about password complexity checking.

Hi there, Here are the facts: - I have samba 3.4.2-0.42.fc11 running on a Fedora 11 system. - Samba is acting as a domain controller, no Windows server involved. - I am using tdbsam. - I need to enforce certain password requirements. The password requirements are: - min 8 characters - expiration 90 days - last 10 passwords may not be reused - not a dictionary word Per the Samba 3.2 FAQ, the

Hi all, can someone give a working example for checking the password complexity in samba? I have tried the next one 1. Download and extract samba-3.4.15.tar.zg. Go to samba-3.4.15/examples/auth/crackcheck and compile crackcheck 2. Copy crackcheck binary to the /usr/bin/ 3. Check that the program working correctly # /usr/bin/crackcheck -d /usr/share/cracklib/pw_dict 123 ERR - it is too short #

Hello, I would like to enforce some level of password complexity when users change their password. I have a Samba PDC running on Debian set to sync Unix passwords. I'm trying to get Samba to work with cracklib, but it isn't going well. Here is what I've tried: Installed libpam-cracklib, compiled examples/auth/crackcheck and copied the binary to /usr/local/sbin. I added the

maybe there is a bug regarding the use of nis to mount the user's home directory at the login or my misconfiguration. After the CentOS 6.4 (64bit) installation I checked for the latest samba version on the official repository using yum: the latest version (that was already installed) is samba- 3.6.9-151.el6. >From "man smb.conf" I have seen that "nis homedir" is not yet

Hallo, we run a Redhat samba 3.5.4 PDC with openldap 2.4 as user/passwordbackend. The ldap also contains the posix information for the users to login to some web/mail/etc. servers. I'm faced with the task to implement a 'both worlds' compatible paswword sync process regarding complexity etc. For the posix account password we use a webfrontend, configure to use pam/cracklib checks

Hi, I've got samba3 on ubuntu 12 up and running with one exception. I try to get password complexity working to no avail. I understood I needed crackcheck, which in turn needed to be compiled. I downloaded the samba-doc package, and tried to compile crackcheck with a simple make, but all it returns is failure with the following error: crackcheck.c:6:19: fatal error: crack.h: No such file

I have Samba PDC with an LDAP backend. I just realized that the users can reset their passwords to anything, a single character a space. Is there anyway to prevent this?

Hi people! I have a few problems with the password strength in Samba. I have a PDC with LDAP on Debian Stable, with a few packages from backports. The problem is that I can't find a way to enforce strenght to the passwords of the users. I can't define a policy to force things like: number of uppercase letters, number of downcase letters, number of numbers in the password, to check the

Hi all, I'm quite new to all this, so please go easy on me if I don't quite seem to say the right things. (any advice is good advice) I have a 3.0.14a-debian samba install, with ldap auth using pam_unix (see smb.conf below) We want to implement a few password checks for complexity, so I have written a pretty basic script (see below) which definitely exits 0 on a good password

nis works well: #ypcat -k auto.home user1 server1:/path/& autofs works well: #cd /home/user1 (no problem) compliled with "configure --with-automount": #smbd -b| grep -i automount * WITH_AUTOMOUNT WITH_AUTOMOUNT * Why doesn't samba read ypcat auto.home? see below for additional detail,,,,it's a rebus! Let the best man win! :) maybe

Hello, I want to use crackcheck to check password complexity, but users (when password change failed because of complexity check fail) gets only information about valid password length, password history. I think that may be a problem for users. How can I (or Can I?) give them information about expected complexity. I'm almost sure that with NT PDC they would get information about

I would like to understand how the "check password script" interacts with enabling/disabling password complexity checks. That is: if I configure     check password script = /usr/local/samba/sbin/crackcheck -d /var/cache/cracklib/cracklib_dict is this called *in addition* to the default complexity checking, or instead of it? And if I set     samba-tool domain passwordsettings set

Hi, We upgraded a legacy (NT4) domain from 3.6 series to 4.8 and then 4.9.4 samba version (using sernet subscription packages / debian stable) The setup is composed of 4 DCs with each 2 CPU/16GB RAM. We currently have ~700 user accounts / ~600 computers / ~150 groups Our mail setup, SSO, ... query the 4 DCs constantly. Every 5 to 10 days the RAM consumption and CPU usage (due to kswapd)

Hello everybody, we have an annoying problem with our samba server randomly disconnecting the home shares. Our "Application Data" folders as well as "Desktop" are redirected to directories in the user's home folder outside ".profiledata" to avoid the copying during logon /logoff. >From time to time clients get an error message "Delayed Write

I'm testing Samba 3.0.3pre2 and am particularly interested in the new --with-cracklib support. I see the configuration directive to enable cracklib functionality in the changelog, but am curious if anyone has any additional documentation. The man pages, etc... appear not to be updated yet. Is there any mechanism for 'tweaking' the password strenth rules, as there is with

Hello All, Can anyone tell me where i can get a "starter" dictionary for crackcheck? i tried googling this but didn't find anything. tia

I also sorted the list. Between libguestfs 1.28 and 1.30, the appliance grew from 95MB to 213MB. Using guestmount and filelight (see link below) I could see that the main contributor was these two directories, which should not be necessary. With this change, the size goes down to 119MB. See also: https://rwmj.wordpress.com/2015/07/23/why-has-the-libguestfs-appliance-grown-by-118-mb/ ---

Hi all, If I try yum grouplist "FTP Server" I get the next large output: Dependencies Resolved ============================================================================= Package Arch Version Repository Size ============================================================================= Installing: OpenIPMI x86_64

I would like to bump my question 2015-05-27 10:21 GMT+03:00 Krutskikh Ivan <stein.hak at gmail.com>: > Hmm, looks like it's not. I've just set the password for something that > cracklib-check would argue using both ad management tools and at windows > login. Should it work that way or I'm missing something? > > My dc's smb.conf: > > [global] >

seems to mess up the pam for swat. [root at host67 security]# rpm -qf /etc/pam.d/samba samba-3.0.25b-1.el4_6.4 [root at host67 security]# cat /etc/pam.d/samba #auth required /lib/security/pam_stack.so service=system-auth #account required /lib/security/pam_stack.so service=system-auth auth required pam_stack.so service=system-auth account required