Displaying 20 results from an estimated 7000 matches similar to: "Combining "--complexity=off" and "check password script""
2009 Dec 17
2
samba password complexity help?
Hi there,
Here are the facts:
- I have samba 3.4.2-0.42.fc11 running on a Fedora 11 system.
- Samba is acting as a domain controller, no Windows server involved.
- I am using tdbsam.
- I need to enforce certain password requirements.
The password requirements are:
- min 8 characters
- expiration 90 days
- last 10 passwords may not be reused
- not a dictionary word
Per the Samba 3.2 FAQ, the
2008 Dec 09
0
check password script
Hi all,
I'm quite new to all this, so please go easy on me if I don't quite seem to
say the right things. (any advice is good advice)
I have a 3.0.14a-debian samba install, with ldap auth using pam_unix (see
smb.conf below)
We want to implement a few password checks for complexity, so I have written
a pretty basic script (see below) which definitely exits 0 on a good
password
2018 Sep 04
4
Upgraded a member server to 4.8, rfc2307 data?
I'm starting to upgrade my domain members to debian stretch/samba 4.8,
using louis packages.
Domain controllers still on jessie/samba45.
Upgrade went smooth, but after upgrade seems that the DM was not able
anymore to retrieve rfc2307 data, eg:
root at vdmsv2:~# getent passwd gaio
gaio:*:10000:10513:Marco Gaiarin:/home/LNFFVG/gaio:/bin/false
root at vdmsv2:~# ldbsearch -H
2018 Jun 21
2
Password complexity checks and local users...
AFAI've understood 'samba-tool domain passwordsettings' set domain
password settings, while the GPO equivalent settings is for the client
(windows client and server os).
Currently i've enabled password complexity checks server side:
root at vdcsv1:~# samba-tool domain passwordsettings show
Password informations for domain 'DC=ad,DC=fvg,DC=lnf,DC=it'
Password
2018 Sep 05
3
Upgraded a member server to 4.8, rfc2307 data?
Mandi! L.P.H. van Belle via samba
In chel di` si favelave...
> idmap config LNFFVG: unix_primary_group = yes
It is needed? AFAI've understood it means that users will have UNIX primary
group the windows group and not 'domain users', but reeally i don't need
that...
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia''
2011 Sep 12
1
How to check the password complexity in samba
Hi all, can someone give a working example for checking the password
complexity in samba?
I have tried the next one
1. Download and extract samba-3.4.15.tar.zg. Go to
samba-3.4.15/examples/auth/crackcheck and compile crackcheck
2. Copy crackcheck binary to the /usr/bin/
3. Check that the program working correctly
# /usr/bin/crackcheck -d /usr/share/cracklib/pw_dict
123
ERR - it is too short
#
2017 Nov 14
1
Setting up Second Samba DC samba-tool ntacl sysvolreset fails
Mandi! Rowland Penny via samba
In chel di` si favelave...
> The error you are getting is usually caused by adding GPOs to the first
> DC and then NOT copying them to the second DC before running
> 'sysvolreset'. The GPOs are also stored in AD, 'sysvolreset' reads AD
> to find where the GPOs are supposed to be, but if it cannot find any,
> it errors out.
2018 Jan 15
2
Home folder: a simple mapping or something more?
Probably this email is connected with my previous one, about folder
redirection.
Looking at:
https://wiki.samba.org/index.php/User_Home_Folders
for AD there's three method to set home folder. ADUC and ldbedit is the
same, simply using different interfaces.
But setting a folder mapping via GPO, AFAI've understood, it is not exactly
the same as setting home folder.
Or better, setting a
2012 Feb 14
1
questions about password complexity checking.
Hi Samba folks,
I had a couple questions about password complexity checking.
To preface, in smb.conf, we set:
check password script = /usr/local/sbin/crackcheck -d
/usr/share/cracklib/pw_dict
Also, if I understand correctly:
/usr/local/sbin/crackcheck comes from samba source rpm package.
maybe we need to compile it ourselves.
/usr/share/cracklib/pw_dict* comes from cracklib-dicts rpm
2020 Jul 07
1
join to ads domain failed
Marco Gaiarin via samba ha scritto il 07/07/20 alle 09:54:
> [...]
> Seems to me that join succeded. An:
>
> net ads testjoin
Hi Marco, thank you very much; in effect the join seems to be successful:
> # net ads teSTJOIN
> Join is OK
I have started winbind and in effect all seems to works...
> Probably is benign, and AFAI've understood caused by NON having the DC
>
2020 Nov 12
2
Thunderbird, CSC and files/folder...
[ I don't think it is a samba trouble, but indeed some clue... ]
A user of mine have a rather complex Thunderbird local folder email
archive, in a network folder (P:\Mail), with CSC enabled (it is a
portable system).
Rather frequently (at least once a week) in the share a 'disk folder' (a
directory) with the same name of the 'file' of the email folder get created.
Because
2020 Feb 05
4
Samba, ACLs and 'primary group'...
My previous email on this topic get no answer, i try to explain me
better.
The problem.
Simply i was (ab)used, in my previous samba NT-mode domains, to have
file created with the group-owner as the UNIX primary group; now, in
AD, files get created group-owned by Windows primary group, eg 'Domain
Users'.
This simply 'breaks' most of my ACLs setup.
I've read:
2018 Aug 29
2
ldbsearch performance and tuning...
Mandi! Andrew Bartlett via samba
In chel di` si favelave...
> > I'm still on samba4.5, sorry me.
> Fix that first.
Eh... i hope on this year.
> > I've done some (bash) scripting around ldbsearch, but i've found some
> > performance and 'lock' trouble.
> Correct, Samba before 4.7 has very poor unindexed search performance,
> due to a bug.
OK.
2017 Jul 06
1
Domain users with expired account passwords cannot set a new one during login
I'm in the process of setting up a Samba 4 PDC on Debian 8. I've set user passwords to expire after a day for testing purposes. When a user tries to log in when his password has already expired, he only gets a short "The user account has expired." message and then gets sent back to the username/password screen, effectively locking them out. Tested with Windows 10 and Windows 7.
2005 Aug 15
1
enforcing password compexity (check password script, cracklib)
Hello,
I would like to enforce some level of password complexity when users
change their password. I have a Samba PDC running on Debian set to sync
Unix passwords. I'm trying to get Samba to work with cracklib, but it
isn't going well.
Here is what I've tried:
Installed libpam-cracklib, compiled examples/auth/crackcheck and copied
the binary to /usr/local/sbin.
I added the
2020 Jul 07
4
join to ads domain failed
Hi all, I have a samba AD domain to test to; I don't administer it, I
have only an administrator account. I can join without problem win PCs
to the domain but I can't linux PCs. If I try to join it I get the error:
> # net ads join -U administrator
> Enter administrator's password:
> Using short domain name -- CSATEST
> Joined 'FREERADIUS-CT01' to dns domain
2018 Aug 28
2
ldbsearch performance and tuning...
I'm still on samba4.5, sorry me.
I've done some (bash) scripting around ldbsearch, but i've found some
performance and 'lock' trouble.
a) query seems 'slow'. If i user paged result (--paged) coud achive
better performance? It is a 'network' optimization only, right? eg:
ldbsearch --paged -H /var/lib/samba/private/sam.ldb ...
is totally unuseful, right?
2017 Nov 08
4
Best practice for creating an RO LDAP User in AD...
I dont beleave it.
That 5 years old now, normaly i'll dig into it, but exim... I dropped exim about 15 years ago..
First thing i do on debian...
apt-get install --purge postfix
That installs postfix and removes exim and purges exims config.. ;-)
The setup for the Ad in the link below is the same but if you want access without auth,
Have you tried to query the GC ports. ( 3268 or 3269
2018 Jul 02
4
Migrate openLDAP into Samba AD
Am 02.07.2018 um 11:01 schrieb Rowland Penny via samba:
> On Mon, 2 Jul 2018 10:19:29 +0200
> Jakob Lenfers via samba <samba at lists.samba.org> wrote:
> You can extend the schema, Samba even supplies a script to turn
> openldap schemas to Active directory ldifs and it has the imaginative
> name of 'oLschema2ldif'
Thanks, will check it out.
>> - Is it feasible
2018 Jun 21
3
Password complexity checks and local users...
Mandi! Rowland Penny via samba
In chel di` si favelave...
> > But my question really is: why this policy apply, if i've not enabled
> > in GPO?
> Probably because GPOs have no effect on a Samba AD DC, they will only
> effect Windows clients.
Rowland, i'm speaking about windows clients, not samba servers!
I've enabled 'complexity checks' in samba servers,