Must a Samba PDC use encrypted passwords?

Luke Kenneth Casson Leighton lkcl at
Wed Jun 10 17:30:08 GMT 1998

On Wed, 10 Jun 1998, CAE Samba Admin wrote:

> > correct.  but you should have only been running "update encrypted" for 3
> > to 7 days _prior_ to enabling "encrypt passwords" therefore this situation
> > should not really occur.
> 	Well, this is fine and dandy if you are migrating from having
> people connect to non-PDC samba box towards a PDC, but when you are
> starting out in an homogeneous NT enviornment never having had samba
> running for other than test purposes, this is rather pointless as a user
> won't be able to sit down at an NT box and type in there username and
> password to login without having *first* been in the smbpasswd file. 
> > what you _could_ do is have:
> > 
> > include = smb.conf.%m
> > 
> > and have two different netbios names for your machine, one with update
> > encrypted the other with encrypt passwords.
> 	Chicken before the egg.  I don't see what you are getting at here.

ah - this was based on the assumption that your network was a pre-existing
samba environment with clear-text passwords, and you were upgrading to the
samba server to PDC status.

this is the situation in which "update encrypted" is appropriate, and none

the solution for you as described in the previous post, going effectively
for a migration from NT to samba, is to use PWDUMP or the NT server admin
equivalent, and to create the smbpasswd file from this output.

good luck!


More information about the samba-ntdom mailing list