Samba 4

The document discusses configuring password complexity settings in Samba 4 and Samba 3. In Samba 4, it uses samba-tool commands to disable and then enable password expiration, complexity, history, minimum age, and maximum age at the domain level. In Samba 3, it uses pdbedit commands to set the minimum password length, history, maximum age, minimum age, bad lockout attempts, and lockout duration. It also discusses adding a script to check password complexity and enabling these policies in the smb.conf file. The document then discusses how to create an FTP user, including inserting a user into the database, creating a profile file to set permissions and root directory, and removing an FTP user.

*****************************************************************************************************

*
Enable Password Complexity in Samba 4
*
*****************************************************************************************************
#Disable password expiration for the Administrator account.
samba-tool user setexpiry Administrator --noexpiry
#Show domain level password options.
samba-tool domain passwordsettings show
#Disable password complexity at the domain level.
samba-tool domain passwordsettings set --complexity=off
#Disable password history at the domain level.
samba-tool domain passwordsettings set --history-length=0
#Disable password min-age at the domain level.
samba-tool domain passwordsettings set --min-pwd-age=0
#Disable password max-age at the domain level.
samba-tool domain passwordsettings set --max-pwd-age=0
#Disable minimum password length at the domain level.
samba-tool domain passwordsettings set --min-pwd-length=0
###############################################################
#Enable password expiration for the Administrator account (--noexpiry would leave it disabled;
#45 days is assumed here to match --max-pwd-age below).
samba-tool user setexpiry Administrator --days=45
#Show domain level password options.
samba-tool domain passwordsettings show
#Enable password complexity at the domain level.
samba-tool domain passwordsettings set --complexity=on
#Enable password history at the domain level.
samba-tool domain passwordsettings set --history-length=4
#Enable password min-age at the domain level.
samba-tool domain passwordsettings set --min-pwd-age=1
#Enable password max-age at the domain level.
samba-tool domain passwordsettings set --max-pwd-age=45
#Enable minimum password length at the domain level.
samba-tool domain passwordsettings set --min-pwd-length=7

*****************************************************************************************************
*
Enable Password Complexity in Samba 3
*
*****************************************************************************************************
--- List all Samba users
pdbedit -Lv
pdbedit -P "min password length" -C 7
pdbedit -P "password history" -C 4
pdbedit -P "maximum password age" -C 7776000
pdbedit -P "minimum password age" -C 604800
pdbedit -P "bad lockout attempt" -C 5
pdbedit -P "lockout duration" -C 3

apt-get install cracklib2 cracklib-runtime libcrack2 libpam-cracklib


Create the script that will verify whether the password complexity policies are met;
in this case I have named it checkpw.sh and placed it in the /usr/sbin/ folder. Then
give it execute permission with the following command:
chmod a+x /usr/sbin/checkpw.sh
Now edit the Samba file as shown below:
nano /usr/share/zentyal/stubs/samba/smb.conf.mas
Add the line shown in red at the end and restart the server; with this, password
complexity policies are enabled in Zentyal 2.2 with Samba 3.
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
check password script = /usr/sbin/checkpw.sh %U
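
The page does not show the contents of checkpw.sh. The following is an added example, not the author's script: a minimal checker that relies on Samba writing the candidate password to the script's standard input and accepting it only when the script exits with status 0. The names MIN_LEN, count_classes and check_password, the 3-of-4 character-class rule and the optional cracklib-check call are assumptions of this example.

```shell
#!/bin/sh
# checkpw.sh: added example for Samba's "check password script" (not from the original page).
# Samba writes the candidate password to stdin; exit 0 accepts it, non-zero rejects it.
# Function and variable names below are hypothetical.

LC_ALL=C; export LC_ALL   # make [a-z] / [A-Z] ranges behave predictably
MIN_LEN=7                 # same value as the "min password length" policy above

# Print how many of the four character classes occur in $1.
count_classes() {
    n=0
    case $1 in *[a-z]*) n=$((n + 1)) ;; esac
    case $1 in *[A-Z]*) n=$((n + 1)) ;; esac
    case $1 in *[0-9]*) n=$((n + 1)) ;; esac
    case $1 in *[!a-zA-Z0-9]*) n=$((n + 1)) ;; esac
    echo "$n"
}

# Return 0 if $1 satisfies the policy, 1 otherwise.
check_password() {
    pw=$1
    [ "${#pw}" -ge "$MIN_LEN" ] || return 1
    # Assumed rule: at least three of lower, upper, digit, other.
    [ "$(count_classes "$pw")" -ge 3 ] || return 1
    # Dictionary check with cracklib-check (cracklib-runtime) when it is installed.
    if command -v cracklib-check >/dev/null 2>&1; then
        printf '%s\n' "$pw" | cracklib-check | grep -q ': OK$' || return 1
    fi
    return 0
}

# Read stdin only when invoked under the installed name, so the file can also be sourced.
case $0 in
    *checkpw.sh)
        IFS= read -r candidate || true   # tolerate a missing trailing newline
        check_password "$candidate"
        exit $?
        ;;
esac
```

The password never appears on the command line, so it is not exposed in the process list while the check runs.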

*****************************************************************************************************
*
How to create an FTP user
*
*****************************************************************************************************
The directory the user needs to access must already exist, be owned by "ftp",
and have permissions that allow operation:
sudo mkdir /home/SRVFTP
sudo chown -R ftp:ftp /home/SRVFTP
sudo chmod -R 755 /home/SRVFTP
With this statement we will have a new user account in the database:
mysql -u ftpadmin --password=deuteronomio -e "INSERT INTO vsftpd.usuarios (nombre, contrasena) VALUES ('aplicaciones', PASSWORD('123455'));"
Create a text file for the user's profile, such as /home/ftpusers, in which we
write the path of the directory the user will access via FTP:
local_root=/ruta/a/su/directorio
In this file we can add any of the parameters that are valid in
/etc/vsftpd.conf to customise them for this particular user. We can also
lock them down a little by setting permissions:
sudo chmod -R 440 /home/ftpusers/elnombredeusuario
E.g.: with write permissions, edit the file and add:
dirlist_enable=YES
download_enable=YES
local_root=/home/SRVFTP/EICMA/Aplicaciones-Informaticas
anon_upload_enable=YES
anon_world_readable_only=NO
write_enable=YES
E.g.: with read-only permissions, edit the file and add:
dirlist_enable=YES
download_enable=YES
local_root=/home/SRVFTP/EICMA/Aplicaciones-Informaticas
write_enable=NO
anon_world_readable_only=NO
How to remove an FTP user
Remove the user from the database:
mysql -u ftpadmin --password=deuteronomio -e "DELETE FROM vsftpd.usuarios WHERE nombre = 'aplicaciones';"

Remove the user's FTP profile:
sudo rm /home/ftpusers/elnombredeusuario
If desired, we can also delete the user's directory (all its contents will be lost!):
sudo rm -R /ruta/a/su/directorio
