Could checking for weak passwords using tools like John or rainbow tables be considered "best practice"?
Absolutely, in fact, many Linux distributions do some level of this out of the box. You should look at pam_cracklib, which applies a number of tests to a new password before accepting a change. Is it the same as the old one? The old one reversed? Almost all the same characters as the last one? Does the password exist in the dictionary you've specified to check against?
I find that Hal Pomeranz's review of pam_cracklib is an excellent place to start. He rightly points out that it isn't well documented, which makes it harder for administrators to use it to protect their sites, and lays out a simple guide to make it make sense.
That covers preventive maintenance for good passwords, which is definitely "best practice". Another procedure some follow is active cracking, where the admins will run John the Ripper against their own systems and, when a user's password is cracked, they force the user to change their password. This might be done on an ongoing basis, or on a scheduled (quarterly/semi-annual/annual) basis. There are some issues to be considered before choosing to do this; do you want your admins knowing user passwords as they get cracked? Do you have a safe place to crack that an attacker can't gain access to? If you make users update passwords as fast as they get cracked, will that be too intensive? ("All users must change their passwords on days that end in 'Y'...)
Finally, your question focuses on the password strength. For defensive purposes, I urge you to also pay attention to password hash encoding. Unix/Linux passwords may be hashed with DES, MD5, or Blowfish; it is configurable on a system level. Many systems use the oldest and most common algorithm, DES, which is trivially cracked. If you can change your system's settings and your passwords to MD5 or Blowfish, it will become much harder for attackers to crack your passwords, even if you user chooses "Pa$$w0rd" as their password.