[Samba] Prevent smbpasswd lan manager field change
Jansen Robert
rjansen at vub.ac.be
Tue Apr 20 07:01:37 MDT 2010
On Wed, April 14, 2010 10:45, Jansen Robert wrote:
> Added note:
>
>
> The lanmanager smbpasswd filed change seems to happen also with some
> client machines do NOT explicitaly change their password. It rather seems
> that a client seems to enforce a zero LANMAN passwd if a client has a
> higher than LANMAN protocol available.
>
> "I have a higher protocol than LANMAN, so forget the LANMAN method
> and scratch the unsafer password hash".
>
> A wild guess,...
>
>
>
> But the question remains, how to prevent this from happening ?
>
>
> Running on a Solaris 9
>
>
> Ideas welcome.
>
>
> TIA
>
Found a solution:
Users can still explicitly change their password by using
<username>@<sambaserver> on their client PC, but the Lanmanager password
has field doesn't get "zeroed" out by a bunch of XXXXXXXXXXXXX....
Look here: http://www.troubleshooters.com/linux/win9x_samba.htm
Needed smb.conf entry's:
lanman auth = Yes
client lanman auth = Yes
client plaintext auth = Yes
Default behaviour changed during/after Samba version 3.2.0.
If anyone knows how to block users explicitly changing their password via
the client PC, would be a plus.
Any takers ?
my 2 cents
TIA
--------------------------
Brussels University
Pleinlaan 2
Computer Center VUB/ULB (VUBnet)
Ing. Robert Jansen
B-1050 Brussels
Belgium (Europe)
email: rjansen at vub.ac.be
Tel: +32-2-650.36.94
Secr: +32-2-650.37.38
Fax: +32-2-650.37.40
--------------------------
More information about the samba
mailing list