Samba - all messed up

Mark Knecht markknecht at gmail.com
Thu Sep 15 17:38:03 UTC 2005


On 9/15/05, Rick Stevens <rstevens at vitalstream.com> wrote:

> >
> > I think what Mark means is that older Winxx defaulted to plaintext
> > passwords, while later ones defaulted to encrypted.  You probably need
> > to set your Win9x boxes to encrypt passwords.
> 
> Correct.  The following Windows versions used plaintext passwords:
> 
>         3.11 (Windows for Workgroups)
>         95 (without SMB patch)
>         WinNT V3.xx
>         WinNT V4.x (before SP3)
> 
> The following use encrypted passwords:
> 
>         95 (with SMB patch)
>         98
>         CE (PDAs and such)
>         ME
>         NT V4.x (with SP3 or later)
>         XP
>         2000
>         2003
> 
> Unfortunately, under "user level" security mode, Samba can only do one
> mode at a time, either encrypted or plaintext.  If you use domain- or
> server-level security (which would allow mixed plaintext and encrypted
> passwords),  you need a Windows PDC somewhere on your network to do the
> password validation.
> 
> AFAIK, if you MUST keep a Windows version that uses plaintext, you'll
> have to make them ALL use plaintext.  This can be done by modifying the
> registry.  The Samba distribution includes files to do that.
> 
> Go to the /usr/share/doc/samba-(version)/registry directory.  In there
> you'll find files named "*_PlainPassword.reg".  Find the one that's
> appropriate for your use (for XP, use the Win2000 file), copy it to a
> DOS formatted floppy, take the floppy to the offending machine and
> EXECUTE the .reg file.  This will turn off encrypted passwords on the
> machine.  You can then set "encrypt passwords = no" in
> /etc/samba/smb.conf and use plaintext.
> 
> Note, however, that your network is now vulnerable to password sniffing
> using stupid tools like tcpdump.  Since this is your home LAN, that may
> not be much of an issue.  I would NOT recommend this to anyone whose
> network is exposed to the Internet in any way, shape or form.
> 
> By the way, I HIGHLY recommend you get a copy of O'Reilly's "Using
> Samba", 2nd edition, by Ts, Eckstein and Collier-Brown.  This is all
> explained in chapter 9, starting on page 296.
> 
> Stupid Windows Joke:  Have you ever noticed what Windows has become
> with CE, ME and NT?  Coincidence?

Great info Rick. I've starred this email and will save it.

I knew about the encrypted vs. non-encrypted password issue but didn't
know which OS did it which way. Good list here.

Thanks,
Mark
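
Added example, not part of the original thread: a small audit that reads smb.conf-style text and reports whether `[global]` has turned off encrypted passwords, which is the setting Rick describes. The sample configs are constructed, the function names are hypothetical, and a missing parameter is treated as encrypted (assumes a Samba version whose default is `encrypt passwords = yes`).

```python
import re

# Constructed sample configs (not from the original thread).
WEAK_CONF = """\
[global]
    workgroup = HOME
    security = user
    Encrypt Passwords = No
; legacy Win95 clients
[share]
    path = /srv/share
"""
HARDENED_CONF = WEAK_CONF.replace("Encrypt Passwords = No", "encrypt passwords = yes")

FALSE_VALUES = {"no", "false", "0", "off"}  # boolean spellings read as "false"

def normalize(name):
    # Samba ignores case and whitespace in parameter names.
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {normalized_param: value}} for smb.conf-style text."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # backslash continues onto the next line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            sections[current][normalize(name)] = value.strip()
    return sections

def plaintext_passwords_enabled(text):
    """True when [global] sets 'encrypt passwords' to a false value."""
    value = parse_smb_conf(text).get("global", {}).get("encryptpasswords")
    return value is not None and value.lower() in FALSE_VALUES

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, "plaintext SMB auth:", plaintext_passwords_enabled(conf))
```

Run against a real /etc/samba/smb.conf by passing the file's contents to `plaintext_passwords_enabled()`; a `True` result means passwords cross the LAN in the clear.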




More information about the Redhat-install-list mailing list