Re: [Samba] Forcing Users to change passwords.
Does anyone know of an add-on you can use with a Windows domain to check the security of the password before it allows a change? With a terminal server system I had, the server complained if the password was too close to a dictionary word, too close to the student login, 7 digits (i.e., looked like a phone number), etc.

I'm sure my students (I teach high school, too) have picked really bad passwords, too, but I have no good way to enforce the picking of good ones.

Todd

On Dec 12, 2003, at 3:30 AM, Ross McInnes (Systems) wrote:

I totally agree. Unfortunately my user base is mostly 16-18 year olds. Getting them to put anything other than their football team, phone number or boyfriend/girlfriend's name is quite a task in itself.

Many Thanks
Ross McInnes

On Wed, 10 Dec 2003, Todd O'Bryan wrote:

What's the latest research on this? I heard it's better to make users pick something secure and stick with it, because if you force people to change, they're likely to pick less secure passwords and do stupid things with them, like write them down or something.

Changing every 3 months doesn't seem terrible, but it's still a big pain.

Todd O'Bryan

On Dec 10, 2003, at 8:28 AM, Ross McInnes (Systems) wrote:

Recently we were audited and as part of that they looked at our systems and policies etc and produced a report. As part of that report they mentioned about forcing users to change their passwords every 90 days or so. They also mentioned about disabling accounts after 3 login attempts.

I'm pretty sure both can be done on NT, but I'd rather stick with RH and Samba, thanks ever so much.

Can Samba do these things? Even if it's a tinkering kind of job?

Many thanks
Ross McInnes

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
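
The three checks Todd lists in the message above (too close to a dictionary word, too close to the login, seven digits that look like a phone number) can be written as one function. This is an added example, not part of the thread and not code from Samba or any Windows add-on; `check_password`, the reason strings, the 0.8 similarity threshold and the five-word sample list are assumptions made for illustration.

```python
import difflib
import re

# Constructed sample list; a real check would load a full dictionary file.
SAMPLE_WORDS = ("football", "password", "welcome", "arsenal", "liverpool")

# Undo common digit/symbol substitutions before comparing (0->o, 1->l, ...).
LEET = str.maketrans("013457@$!", "oleastasi")


def _core(password):
    """Lower-case, drop leading/trailing non-letters, undo substitutions."""
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    return stripped.translate(LEET)


def _close(a, b, threshold=0.8):
    """True when two non-empty strings are at least `threshold` similar."""
    if not a or not b:
        return False
    return difflib.SequenceMatcher(None, a, b).ratio() >= threshold


def check_password(password, login, words=SAMPLE_WORDS):
    """Return the reasons a password is rejected (empty list = accepted)."""
    reasons = []

    # Seven digits, ignoring common separators: looks like a phone number.
    digits = re.sub(r"[\s().-]", "", password)
    if re.fullmatch(r"[0-9]{7}", digits):
        reasons.append("phone-number")

    # Login embedded in the password, reversed, or only slightly altered.
    core = _core(password)
    user = login.lower()
    if user and (user in core or user[::-1] in core or _close(core, user)):
        reasons.append("like-login")

    # Dictionary word with digits appended or letters swapped for symbols.
    if any(_close(core, word) for word in words):
        reasons.append("like-dictionary-word")

    return reasons
```

The function only reports reasons; how it is hooked into the password-change path depends on the server and is outside this example.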
Re: [Samba] Forcing Users to change passwords.
What's the latest research on this? I heard it's better to make users pick something secure and stick with it, because if you force people to change, they're likely to pick less secure passwords and do stupid things with them, like write them down or something.

Changing every 3 months doesn't seem terrible, but it's still a big pain.

Todd O'Bryan

On Dec 10, 2003, at 8:28 AM, Ross McInnes (Systems) wrote:

Recently we were audited and as part of that they looked at our systems and policies etc and produced a report. As part of that report they mentioned about forcing users to change their passwords every 90 days or so. They also mentioned about disabling accounts after 3 login attempts.

I'm pretty sure both can be done on NT, but I'd rather stick with RH and Samba, thanks ever so much.

Can Samba do these things? Even if it's a tinkering kind of job?

Many thanks
Ross McInnes
Re: [Samba] Starting with Samba - first impressions
So the SWAT thing is not just me. Several people have written with this same problem over the past few weeks and if anyone has solved it they haven't sent the solution to the list.

I wish someone in the know who has an hour to kill (OK, I realize I've just described the empty set.) would install RH9 and go from a clean install to getting SWAT to work and document what they did. Clearly, one cannot follow the How-Tos anywhere and have this work. And most of us who are having the problem are clueless enough that we don't know what to do next if the directions get followed and the results don't happen as expected.

Todd

On Nov 21, 2003, at 1:00 AM, Fran Fabrizio wrote:

I promised John yesterday that I would document my experiences as I tried to convert this ugly two-headed network I've inherited (see thread titled "Having Samba integrate/replace existing mixed Unix/Windows network" from yesterday) into an easy-to-manage Samba-based network. I took the first baby steps and I thought that it would be interesting/useful to post semi-regularly here so that those of you who are also looking to get started with Samba can see what someone else is going through, and those of you who are so close to the project that you might take some things for granted can see some of the issues that one user is dealing with. :-) If this isn't useful for anyone, I'll stop sending them. Anyhow, here's day one.

---

Day 1 - Creating a testbed, installing Samba, and a quick proof-of-concept

I've decided that for my testbed I would use a laptop running Linux as my Samba server, and I would use VMWare to put an instance of Win XP Pro as my client. This way, I have a self-contained Samba network in a laptop that can travel with me and does not rely on any network connectivity to develop the Samba environment.

I thought this would be an easy part but one of the Redhat 9 ISOs that I downloaded from linuxiso had a corrupted package (disk 2, the xpdf package - two separate downloads, two separate burns on two different computers, and both had the same flaw), followed by one XP Pro VMWare install hang in the middle. As a result, it was nearly 5pm before I had the OSes installed correctly and was ready to download Samba.

Hopped onto samba.org and downloaded the 3.0.0 source. Before unpacking, I removed all Redhat RPMs for Samba. I then proceeded to follow the instructions in the Using Samba book to do my config and install. Knowing that down the road I wanted to play with all sorts of authentication options, I chose to configure Samba with PAM, LDAP, NIS+ as well as smbwrapper and smbmount and automount and syslog. Configuration and build went fine, except it took forever (maybe 30 minutes) on the laptop so I hope I don't have to do this too often. Install went fine.

I followed the book and created a small smb.conf that simply creates a share called test (/usr/local/samba/tmp). I dropped a test file in there. I then tried to see how the same thing would look from SWAT.

Bump #1. I followed the book. I checked /etc/services for the swat entry (it was there already). I then added a swat file to /etc/xinetd.d/ directory as per the book. /bin/kill -HUP -a xinetd. Logs show that it restarted ok. Open browser, go to http://localhost:901/, it spins for a while, then connection refused. Try again, connection refused. Double-check all files, notice that the path the book had me enter (/usr/local/samba/bin/swat) is wrong - it's /usr/local/samba/sbin/swat. Fix this, try again, connection refused. Send more HUP signals to xinetd, nothing seems to work. netstat doesn't indicate anything listening on port 901.

I never did get SWAT running but I am a text config kind of guy anyhow and I was anxious to get on, so I put it aside for another day after about 15 minutes and a couple of fruitless Google searches.

I fired up the daemons and they started fine. I did an smbclient -U% -L localhost a few times, the test share was listed, everything looked just like the book said it would except (Bump #2) where it says Master next to Workgroup it was always blank. This was disconcerting but I decided to press on. (About 10 minutes later I tried it again, and it was now listed as the laptop's name. I guess it just takes a while to make itself known.)

The book suggested that I create a user on the Windows client specifically for testing, so I created a user/pass of samba/samba. I then remembered to go back to the Samba server and add this with smbpasswd (I guess this is what is referred to as the matching encrypted passwords issue). I hit Bump #3 here. I would try smbpasswd -a samba, enter in the password, and it would tell me that it failed to initialise a SAM_ACCOUNT. After about 5 tries of this, I googled again, and learned
[Samba] RedHat 9 Samba and SWAT
Hi all,

I've googled and discovered that others have had this problem, but no one has given sufficient details about how they solved it, so I'm still stuck. As preface, I'm a high school teacher, and although I teach programming, my sysadmin experience is minimal, so please be explicit in your replies.

I've been following the instructions in the O'Reilly Samba book for configuring, compiling, and installing Samba, but seem to hit a snag when it comes time to get SWAT working.

Is it just me, or has swat moved from /usr/local/samba/bin/swat to /usr/local/samba/sbin/swat in the 3.0 default install? I've tried changing that in the xinetd.d/swat file, and I think it leads to the second error below.

Anyway, I do what it says, and I get "Connection refused" errors when I try to connect to http://localhost:901. After playing with things for a while, I managed to get it to say "Document contains no data". I look in the Services panel, and it says swat needs xinetd to run. Meanwhile, xinetd says it's running and has a PID.

I've seen this question several times, but there is no recipe for resolving it anywhere that I can find. A link to a How-To would be great. Failing that, if someone who knows what they're doing has time to step through the RedHat 9.0/Samba 3.0 install, it's clear that the published How-Tos (both in the O'Reilly book and in the Samba documentation) don't quite work, either because paths have changed or steps were left out. Fixing these would make my life easier and avert a not so inFAQ.

Thanks,
Todd

P.S. If I'm doing something really stupid, please let me know.