Has anyone made update encrypted work?

Gerald W. Carter cartegw at Eng.Auburn.EDU
Tue Jun 30 15:59:10 GMT 1998

On Wed, 1 Jul 1998, Dana Canfield wrote:

> Sorry to post on the same topic twice in a week, but I've been looking
> at the archives and I see a couple questions regarding this and no
> answers, so I'm wondering if anyone has gotten update encrypted to work.

Yup.  Worked fine.  Migrated over about 30 users.  Small need for them.
They never even knew.
> As I understand it, the way the option should work is this:
> You have an existing Unix password file with your users in it.
> Set up Samba as a PDC with update encypted on, and encrypted passwords
> off.
> Run the mksmbpasswd script to create an smbpasswd file with "empty"
> passwords.
> Use smbpasswd -a -m to add machine accounts to the smbpasswd file.
> Run the NT4 Plain Password registry hack found in docs directory.
> Run like this for a while, allowing your users to log into the Samba
> PDC, and it updates the encrypted smbpasswd file.
> Eventually change the registry back and enable encrypted passwords.

Nope.  You won't be able to use this option on your Samba PDC.

> Is this correct?  It seems that I have to be missing something.  When I
> add a user to the smbpasswd file using smbpasswd -a, creating an
> encrypted smbpasswd file entry, I'm OK.  But trying to log into the PDC
> with a user who either doesn't have an smbpasswd entry, or has all X's
> as the password fails.

NT logins use encrypted passwords only.

Here's how I used it.

Local accounts on a WinFrame 1.6 box.  Used the samba 1.9.18p7 server as
the [homes] server.  Specified H: to connect to \\server\<username> in the
profile on the NT box.  This way the connection would be made by passing
the plain text password to the server and thus updating the smbpasswd

After I had all the users, I merged the result of the new smbpasswd and
the smbpasswd on the samba PDC thus allowing users to mount the shares
from SAMBA_PDC instead and also allowing me to add the WinFrame box to the
domain when I wanted to without causing login problems for my users.

Make sense?

                            Gerald ( Jerry ) Carter	
Engineering Network Services                           Auburn University 
jerry at eng.auburn.edu             http://www.eng.auburn.edu/users/cartegw

       "...a hundred billion castaways looking for a home."
                                  - Sting "Message in a Bottle" ( 1979 )

More information about the samba-ntdom mailing list