[Samba] password strenght doubt

Tue, 26 Dec 2006 10:00:41 -0800 

Hi people! I have a few problems with the password strength in Samba.
I have a PDC with LDAP on Debian Stable, with a few packages from backports.
The problem is that I can't find a way to enforce strenght to the passwords of the users. I can't define a policy to force things like: number of uppercase letters, number of downcase letters, number of numbers in the password, to check the diference between the new and the old, to store a list of old passwords to check... I mean, things that are requiered to enforce some policy of security by my company. Bottom line? The users can put his username for password! Not even that is checked... 


It's something wrong in my setup or is a feature request? I see min 
password length.. but.. the rest?



This is the important part of my setup:

[global]
#Network ID
       workgroup = JUSBAIRES
       netbios name = PDC
       netbios aliases = SERVER
       server string =

#Logs
       debug level = 0
       syslog = 0
       log level = 0
       log file = /var/log/samba/%m.%U.log
       max log size = 10000
       panic action = /usr/share/samba/panic-action %d

#Network Support
       name resolve order = wins hosts lmhosts bcast

       socket options = TCP_NODELAY SO_RCVBUF=65535 SO_SNDBUF=65535 
IPTOS_LOWDELAY SO_KEEPALIVE

       wins support = yes
       wins proxy = yes
       enhanced browsing = yes
       dns proxy = yes
       time server = yes
       local master = yes
       smb ports = 139

#LDAP
       ldap admin dn = uid=alem-fs2,ou=security,dc=jusbaires,dc=gov,dc=ar
       ldap suffix = dc=jusbaires,dc=gov,dc=ar
       ldap group suffix = ou=Group
       ldap user suffix = ou=People
       ldap machine suffix = ou=alem,ou=Computers
       ldap delete dn = no
       ldap passwd sync = yes

#Printer Options
       printcap name = /dev/null
       printing = bsd
       load printers = no

#Security Options
       admin users = administrador lgiacchetta
       enable privileges = yes
       preferred master = yes
       lm announce = yes
       domain master = yes
       domain logons = yes
       encrypt passwords = yes
       pam password change = yes

       passdb backend = ldapsam:"ldap://127.0.0.1 
ldap://alem-ldap.jusbaires.gov.ar ldap://alem-systemlog.jusbaires.gov.ar";

       passwd chat debug = no

       check password script = /usr/local/bin/crackcheck -d 
/var/cache/cracklib/cracklib_dict

       unix charset = 850
       dont descend = .recycle
       delete veto files = yes
       restrict anonymous = 1

#Profiles stuff
       logon script = netlogon.%U.bat
       logon path = \\PDC\profiles\%U
       logon home = \\PDC\personal
       logon drive = H:
       hide files = /Desktop.ini/desktop.ini/
       hide dot files = yes
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba






















					Reply via email to