similar to: Combining "--complexity=off" and "check password script"

Displaying 20 results from an estimated 7000 matches similar to: "Combining "--complexity=off" and "check password script""

2009 Dec 17
2
samba password complexity help?
Hi there, Here are the facts: - I have samba 3.4.2-0.42.fc11 running on a Fedora 11 system. - Samba is acting as a domain controller, no Windows server involved. - I am using tdbsam. - I need to enforce certain password requirements. The password requirements are: - min 8 characters - expiration 90 days - last 10 passwords may not be reused - not a dictionary word Per the Samba 3.2 FAQ, the
2008 Dec 09
0
check password script
Hi all, I'm quite new to all this, so please go easy on me if I don't quite seem to say the right things. (any advice is good advice) I have a 3.0.14a-debian samba install, with ldap auth using pam_unix (see smb.conf below) We want to implement a few password checks for complexity, so I have written a pretty basic script (see below) which definitely exits 0 on a good password
2018 Sep 04
4
Upgraded a member server to 4.8, rfc2307 data?
I'm starting to upgrade my domain members to debian stretch/samba 4.8, using louis packages. Domain controllers still on jessie/samba45. Upgrade went smooth, but after upgrade seems that the DM was not able anymore to retrieve rfc2307 data, eg: root at vdmsv2:~# getent passwd gaio gaio:*:10000:10513:Marco Gaiarin:/home/LNFFVG/gaio:/bin/false root at vdmsv2:~# ldbsearch -H
2018 Jun 21
2
Password complexity checks and local users...
AFAI've understood 'samba-tool domain passwordsettings' set domain password settings, while the GPO equivalent settings is for the client (windows client and server os). Currently i've enabled password complexity checks server side: root at vdcsv1:~# samba-tool domain passwordsettings show Password informations for domain 'DC=ad,DC=fvg,DC=lnf,DC=it' Password
2018 Sep 05
3
Upgraded a member server to 4.8, rfc2307 data?
Mandi! L.P.H. van Belle via samba In chel di` si favelave... > idmap config LNFFVG: unix_primary_group = yes It is needed? AFAI've understood it means that users will have UNIX primary group the windows group and not 'domain users', but reeally i don't need that... -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia''
2011 Sep 12
1
How to check the password complexity in samba
Hi all, can someone give a working example for checking the password complexity in samba? I have tried the next one 1. Download and extract samba-3.4.15.tar.zg. Go to samba-3.4.15/examples/auth/crackcheck and compile crackcheck 2. Copy crackcheck binary to the /usr/bin/ 3. Check that the program working correctly # /usr/bin/crackcheck -d /usr/share/cracklib/pw_dict 123 ERR - it is too short #
2017 Nov 14
1
Setting up Second Samba DC samba-tool ntacl sysvolreset fails
Mandi! Rowland Penny via samba In chel di` si favelave... > The error you are getting is usually caused by adding GPOs to the first > DC and then NOT copying them to the second DC before running > 'sysvolreset'. The GPOs are also stored in AD, 'sysvolreset' reads AD > to find where the GPOs are supposed to be, but if it cannot find any, > it errors out.
2018 Jan 15
2
Home folder: a simple mapping or something more?
Probably this email is connected with my previous one, about folder redirection. Looking at: https://wiki.samba.org/index.php/User_Home_Folders for AD there's three method to set home folder. ADUC and ldbedit is the same, simply using different interfaces. But setting a folder mapping via GPO, AFAI've understood, it is not exactly the same as setting home folder. Or better, setting a
2012 Feb 14
1
questions about password complexity checking.
Hi Samba folks, I had a couple questions about password complexity checking. To preface, in smb.conf, we set: check password script = /usr/local/sbin/crackcheck -d /usr/share/cracklib/pw_dict Also, if I understand correctly: /usr/local/sbin/crackcheck comes from samba source rpm package. maybe we need to compile it ourselves. /usr/share/cracklib/pw_dict* comes from cracklib-dicts rpm
2020 Jul 07
1
join to ads domain failed
Marco Gaiarin via samba ha scritto il 07/07/20 alle 09:54: > [...] > Seems to me that join succeded. An: > > net ads testjoin Hi Marco, thank you very much; in effect the join seems to be successful: > # net ads teSTJOIN > Join is OK I have started winbind and in effect all seems to works... > Probably is benign, and AFAI've understood caused by NON having the DC >
2020 Nov 12
2
Thunderbird, CSC and files/folder...
[ I don't think it is a samba trouble, but indeed some clue... ] A user of mine have a rather complex Thunderbird local folder email archive, in a network folder (P:\Mail), with CSC enabled (it is a portable system). Rather frequently (at least once a week) in the share a 'disk folder' (a directory) with the same name of the 'file' of the email folder get created. Because
2020 Feb 05
4
Samba, ACLs and 'primary group'...
My previous email on this topic get no answer, i try to explain me better. The problem. Simply i was (ab)used, in my previous samba NT-mode domains, to have file created with the group-owner as the UNIX primary group; now, in AD, files get created group-owned by Windows primary group, eg 'Domain Users'. This simply 'breaks' most of my ACLs setup. I've read:
2018 Aug 29
2
ldbsearch performance and tuning...
Mandi! Andrew Bartlett via samba In chel di` si favelave... > > I'm still on samba4.5, sorry me. > Fix that first. Eh... i hope on this year. > > I've done some (bash) scripting around ldbsearch, but i've found some > > performance and 'lock' trouble. > Correct, Samba before 4.7 has very poor unindexed search performance, > due to a bug.  OK.
2017 Jul 06
1
Domain users with expired account passwords cannot set a new one during login
I'm in the process of setting up a Samba 4 PDC on Debian 8. I've set user passwords to expire after a day for testing purposes. When a user tries to log in when his password has already expired, he only gets a short "The user account has expired." message and then gets sent back to the username/password screen, effectively locking them out. Tested with Windows 10 and Windows 7.
2005 Aug 15
1
enforcing password compexity (check password script, cracklib)
Hello, I would like to enforce some level of password complexity when users change their password. I have a Samba PDC running on Debian set to sync Unix passwords. I'm trying to get Samba to work with cracklib, but it isn't going well. Here is what I've tried: Installed libpam-cracklib, compiled examples/auth/crackcheck and copied the binary to /usr/local/sbin. I added the
2020 Jul 07
4
join to ads domain failed
Hi all, I have a samba AD domain to test to; I don't administer it, I have only an administrator account. I can join without problem win PCs to the domain but I can't linux PCs. If I try to join it I get the error: > # net ads join -U administrator > Enter administrator's password: > Using short domain name -- CSATEST > Joined 'FREERADIUS-CT01' to dns domain
2018 Aug 28
2
ldbsearch performance and tuning...
I'm still on samba4.5, sorry me. I've done some (bash) scripting around ldbsearch, but i've found some performance and 'lock' trouble. a) query seems 'slow'. If i user paged result (--paged) coud achive better performance? It is a 'network' optimization only, right? eg: ldbsearch --paged -H /var/lib/samba/private/sam.ldb ... is totally unuseful, right?
2017 Nov 08
4
Best practice for creating an RO LDAP User in AD...
I dont beleave it. That 5 years old now, normaly i'll dig into it, but exim... I dropped exim about 15 years ago.. First thing i do on debian... apt-get install --purge postfix That installs postfix and removes exim and purges exims config.. ;-) The setup for the Ad in the link below is the same but if you want access without auth, Have you tried to query the GC ports. ( 3268 or 3269
2018 Jul 02
4
Migrate openLDAP into Samba AD
Am 02.07.2018 um 11:01 schrieb Rowland Penny via samba: > On Mon, 2 Jul 2018 10:19:29 +0200 > Jakob Lenfers via samba <samba at lists.samba.org> wrote: > You can extend the schema, Samba even supplies a script to turn > openldap schemas to Active directory ldifs and it has the imaginative > name of 'oLschema2ldif' Thanks, will check it out. >> - Is it feasible
2018 Jun 21
3
Password complexity checks and local users...
Mandi! Rowland Penny via samba In chel di` si favelave... > > But my question really is: why this policy apply, if i've not enabled > > in GPO? > Probably because GPOs have no effect on a Samba AD DC, they will only > effect Windows clients. Rowland, i'm speaking about windows clients, not samba servers! I've enabled 'complexity checks' in samba servers,