Samba - all messed up
Mark Knecht
markknecht at gmail.com
Thu Sep 15 17:38:03 UTC 2005
On 9/15/05, Rick Stevens <rstevens at vitalstream.com> wrote:
> >
> > I think what Mark means is that older Winxx defaulted to plaintext
> > passwords, while later ones defaulted to encrypted. You probably need
> > to set your Win9x boxes to encrypt passwords.
>
> Correct. The following Windows versions used plaintext passwords:
>
> 3.11 (Windows for Workgroups)
> 95 (without SMB patch)
> WinNT V3.xx
> WinNT V4.x (before SP3)
>
> The following use encrypted passwords:
>
> 95 (with SMB patch)
> 98
> CE (PDAs and such)
> ME
> NT V4.x (with SP3 or later)
> XP
> 2000
> 2003
>
> Unfortunately, under "user level" security mode, Samba can only do one
> mode at a time, either encrypted or plaintext. If you use domain- or
> server-level security (which would allow mixed plaintext and encrypted
> passwords), you need a Windows PDC somewhere on your network to do the
> password validation.
>
> AFAIK, if you MUST keep a Windows version that uses plaintext, you'll
> have to make them ALL use plaintext. This can be done by modifying the
> registry. The Samba distribution includes files to do that.
>
> Go to the /usr/share/doc/samba-(version)/registry directory. In there
> you'll find files named "*_PlainPassword.reg". Find the one that's
> appropriate for your use (for XP, use the Win2000 file), copy it to a
> DOS formatted floppy, take the floppy to the offending machine and
> EXECUTE the .reg file. This will turn off encrypted passwords on the
> machine. You can then set "encrypt passwords = no" in
> /etc/samba/smb.conf and use plaintext.
>
> Note, however, that your network is now vulnerable to password sniffing
> using stupid tools like tcpdump. Since this is your home LAN, that may
> not be much of an issue. I would NOT recommend this to anyone whose
> network is exposed to the Internet in any way, shape or form.
>
> By the way, I HIGHLY recommend you get a copy of O'Reilly's "Using
> Samba", 2nd edition, by Ts, Eckstein and Collier-Brown. This is all
> explained in chapter 9, starting on page 296.
>
> Stupid Windows Joke: Have you ever noticed what Windows has become
> with CE, ME and NT? Coincidence?
Great info Rick. I've starred this email and will save it.
I knew about the encrypted vs. non-encrypted password issue but didn't
know which OS did it which way. Good list here.
Thanks,
Mark
More information about the Redhat-install-list
mailing list