Please read the documentation. Samba3-HOWTO.pdf is a good start. You can obtain it from: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
The utility you need to master is called 'pdbedit', but before using it please read up on user rights and privileges and on policies. - John T. On Tuesday 26 December 2006 11:36, Guido Lorenzutti wrote: > Hi people! I have a few problems with the password strength in Samba. > I have a PDC with LDAP on Debian Stable, with a few packages from > backports. The problem is that I can't find a way to enforce strenght to > the > passwords of the users. I can't define a policy to force things like: > number of uppercase letters, number of downcase letters, number of > numbers in the password, to check the diference between the new and the > old, to store a list of old passwords to check... I mean, things that > are requiered to enforce some policy of security by my company. > Bottom line? The users can put his username for password! Not even that > is checked... > > It's something wrong in my setup or is a feature request? I see min > password length.. but.. the rest? > > > This is the important part of my setup: > > [global] > #Network ID > workgroup = JUSBAIRES > netbios name = PDC > netbios aliases = SERVER > server string = > > #Logs > debug level = 0 > syslog = 0 > log level = 0 > log file = /var/log/samba/%m.%U.log > max log size = 10000 > panic action = /usr/share/samba/panic-action %d > > #Network Support > name resolve order = wins hosts lmhosts bcast > socket options = TCP_NODELAY SO_RCVBUF=65535 SO_SNDBUF=65535 > IPTOS_LOWDELAY SO_KEEPALIVE > wins support = yes > wins proxy = yes > enhanced browsing = yes > dns proxy = yes > time server = yes > local master = yes > smb ports = 139 > > #LDAP > ldap admin dn = uid=alem-fs2,ou=security,dc=jusbaires,dc=gov,dc=ar > ldap suffix = dc=jusbaires,dc=gov,dc=ar > ldap group suffix = ou=Group > ldap user suffix = ou=People > ldap machine suffix = ou=alem,ou=Computers > ldap delete dn = no > ldap passwd sync = yes > > #Printer Options > printcap name = /dev/null > printing = bsd > load printers = no > > #Security Options > admin users = administrador lgiacchetta > enable privileges = yes > preferred master = yes > lm announce = yes > domain master = yes > domain logons = yes > encrypt passwords = yes > pam password change = yes > passdb backend = ldapsam:"ldap://127.0.0.1 > ldap://alem-ldap.jusbaires.gov.ar ldap://alem-systemlog.jusbaires.gov.ar"; > passwd chat debug = no > check password script = /usr/local/bin/crackcheck -d > /var/cache/cracklib/cracklib_dict > unix charset = 850 > dont descend = .recycle > delete veto files = yes > restrict anonymous = 1 > > #Profiles stuff > logon script = netlogon.%U.bat > logon path = \\PDC\profiles\%U > logon home = \\PDC\personal > logon drive = H: > hide files = /Desktop.ini/desktop.ini/ > hide dot files = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
