If you force users to change passwords every 30 days and don't let them reuse them, you will typically either end up with very weak passwords or people writing their passwords down, and often sticking them on their monitors! Most average users possibly cannot remember 'decent' passwords and, given a choice, typically don't use them. This is exacerbated+++ if they are expected to change them every 30 days. Also, if you let users select passwords you will likely end up with a PWD DB full of strings like '123456', 'QWERTY', 'god', 'opensesame', etc. I have used 123456, 234567, 345678, 456789, etc. on systems where 1) I did not care much about the system security (probably covers a majority of users) and 2) some genius thought that forcing a change of passwords every 30 days was more secure than a single decent password in the first place.
I don't quite understand how you want the reset to work. I hit 5 wrong passwords and then it resets the password? Doesn't that mean that there is effectively *no password*? If I know a username I just enter 5 wrong passwords, get a reset, and then I'm in.....
The most effective protection against brute forcing passwords is simply to put a 2-5 second delay before retries. Not long enough to annoy the users but long enough to stop automated brute forcing. No lockouts are needed (which are a pain as someone - i.e. you - has to do the resets).
Oh, and as to your question: it sounds as though your Samba authentication is working against the Samba passwd file in /etc/smbpasswd. This is a typical *nix passwd file and can be modified using passwd(1) so man it (you are interested in the -n, -x, -i and -w options).
cheers
tachyon
s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print
In reply to Re: Samba Reset password
by tachyon
in thread Samba Reset password
by mkirank
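The retry delay suggested in the post above, sketched as an added example that is not part of the original post and is not Samba code: after each failed login the account must wait a fixed pause before another guess is evaluated, and nothing is ever locked or reset. The class name, the PBKDF2 storage and the choice to track the pause per account (rather than sleeping per connection) are assumptions of this example.

```python
import hashlib
import hmac
import os
import time

DELAY_SECONDS = 3.0  # inside the 2-5 second range the post suggests


def derive_key(password, salt):
    # PBKDF2 from the standard library; the iteration count is illustrative
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class ThrottledLogin:
    """Password check with a per-account pause after each failure, no lockout."""

    def __init__(self, delay=DELAY_SECONDS, clock=time.monotonic):
        self.delay = delay
        self.clock = clock      # injectable so tests need not really sleep
        self.users = {}         # username -> (salt, derived key)
        self.retry_after = {}   # username -> earliest time of the next attempt

    def add_user(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, derive_key(password, salt))

    def attempt(self, username, password):
        """Return 'ok', 'denied', or 'wait' (arrived inside the pause)."""
        now = self.clock()
        if now < self.retry_after.get(username, 0.0):
            # Not evaluated at all, so opening many connections in parallel
            # does not buy extra guesses against this account.
            return "wait"
        # Unknown users take the same path so they are throttled identically.
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        candidate = derive_key(password, salt)
        if stored and hmac.compare_digest(candidate, stored):
            self.retry_after.pop(username, None)
            return "ok"
        self.retry_after[username] = now + self.delay
        return "denied"


if __name__ == "__main__":
    login = ThrottledLogin()
    login.add_user("alice", "constructed sample passphrase")
    print(login.attempt("alice", "123456"))                         # denied
    print(login.attempt("alice", "constructed sample passphrase"))  # wait
    time.sleep(DELAY_SECONDS)
    print(login.attempt("alice", "constructed sample passphrase"))  # ok
```

With a 3 second pause a single account sees at most 20 evaluated guesses per minute however fast they are submitted, while the legitimate user only ever waits out the current pause.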