HPE Community
Operating System - HP-UX
1819794 Members
3541 Online
109607 Solutions
New Discussion юеВ

samba : minimum 8 character password.

 
SOLVED
Go to solution
Richard Price_1
Advisor

тАО05-04-2005 03:21 AM

тАО05-04-2005 03:21 AM

samba : minimum 8 character password.

I'm using samba with hp-ux 11.23. I'm using the version of samba that comes with the operating system.
The system is a trusted system.

I want to set and verify passwords on the unix system itself i.e. I don't want to use the local windows domain.

How can I make sure that the users have to use at least 8 character passwords.

With my current smb.conf "min passwd length = 8" doesn't seem to be effective.

"min passwd length", according to the man pages, applies to the unix password. Can I have "unix password sync = yes" and "encrypt password - yes" or are these mutually exclusive ?

I there any way I can get samba to simply use the unix passwd database ?


This is my current - fairly simple - smb.conf

[global]
unix password sync = no
encrypt passwords = yes
min passwd length = 8

[homes]
; comment = Home Directories
guest ok = no
read only = no
; browseable = no

Regards,

Richard Price
0 Kudos
Reply
8 REPLIES 8
Andre Thompson_1
Frequent Advisor

тАО05-05-2005 01:55 AM

тАО05-05-2005 01:55 AM

Re: samba : minimum 8 character password.

Hi Richard

The samba passwords are not stored in /etc/passwd. Rather it is stored in /var/opt/samba/private/smbpasswd.

You add samba passwords to users using the following command:

/opt/samba/bin/smbpasswd -a username

To sync Unix passwords with the samba passwords use:

unix password sync = Yes

- Andre
0 Kudos
Reply
Ermin Borovac
Honored Contributor

тАО05-05-2005 07:19 PM

тАО05-05-2005 07:19 PM

Re: samba : minimum 8 character password.

I think command you are looking for is

# pdbedit -P "min password length" -C 8
0 Kudos
Reply
Richard Price_1
Advisor

тАО05-11-2005 04:03 AM

тАО05-11-2005 04:03 AM

Re: samba : minimum 8 character password.

Thanks Ermin. I've had a quick read up on pdbedit and it looks useful.
However I don't think that command is available on my system.
I'm using the default version of CIFS that comes with 11.23 which is
CIFS A.01.11.02
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО05-11-2005 04:15 AM

тАО05-11-2005 04:15 AM

Re: samba : minimum 8 character password.

I don't know how to enforce the length limit.

I do not believe that min passwd length and unix password synch and encrypt password are mutually exclusive.

/opt/samba/bin/smbpasswd username password

for each user you want in the samba password database.

You can enforce password length on the OS level by having an /etc/default/security file.

Attaching an example.

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Ermin Borovac
Honored Contributor

тАО05-11-2005 11:04 AM

тАО05-11-2005 11:04 AM

Re: samba : minimum 8 character password.

pdbedit doesn't exist in Samba version 2, which is what HP's CIFS A.01.11.02 is based on.

This command was introduced with Samba version 3. You can download CIFS server A.02.01.01, which should include the command from

http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B8725AA
0 Kudos
Reply
Richard Price_1
Advisor

тАО05-11-2005 08:57 PM

тАО05-11-2005 08:57 PM

Re: samba : minimum 8 character password.

Thanks Ermin,
I had already tried installing that kit. It said there were 2 missing dependencies...

KRB5-Client.KRB5-SHLIB,r>=B.11.2*.%
LdapUxClient.LDAP-C-SDK,r>=B.03.20.%

I found and installed KRB5, but can't find
LdapUxClient.

I don't really want to go down the LDAP route if I can avoid it. Maybe I can't.
0 Kudos
Reply
Ermin Borovac
Honored Contributor

тАО05-12-2005 12:18 AM

тАО05-12-2005 12:18 AM

Solution

Re: samba : minimum 8 character password.

LDAP-UX client software, which includes the required fileset, can be found here

http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=J4269AA

Otherwise, you can get samba source and compile it yourself.
Reply
Richard Price_1
Advisor

тАО05-12-2005 03:02 AM

тАО05-12-2005 03:02 AM

Re: samba : minimum 8 character password.

Thanks Erin,

I've successfully installed the new version of CIFS (in essence samba 3).
Now "min passwd length = 8 " just works !

I didn't even need to use the pdbedit command.

This what I get now if I try and set a password with less than 8 chars...
_____________________________________
$ smbpasswd
Old SMB password:
New SMB password:
Retype new SMB password:

machine 127.0.0.1 rejected the (anonymous) password change: Error was : Password restriction.
Failed to change password for pricer
_____________________________________

...and my smb.conf is still very simple...

[global]
invalid users = root bin daemon adm sync shutdown halt mail news uucp operator
min passwd length = 8
encrypt passwords = yes


Thanks very much for your help everyone.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.