NT Login to Samba PDC

Matthias Wächter matthias at waechter.wol.at
Mon Sep 6 08:08:53 GMT 1999

On Sun, 5 Sep 1999, Skidmore, Stanley G wrote:

> Hi all,

> I am a very beginning SAMBA user. I have read that SAMBA can be built
> to be able to handle shadow passwords with Linux 6.0

Samba needs _either_ "Encrypted Passwords = No" (say, transmission is
unencrypted, storage on the server is in /etc/passwd or /etc/shadow or
whatever, but PDC functionality is not available this way) or "Encrypted
Passwords = Yes" (transmission is encrypted and some kind of secure, you
use .../etc/smbpasswd to contain the Samba password hashes which are not
compatible to those in /etc/shadow, but this way PDC is possible).

In the distribution there are some .REG files you can change the behavior
of your 95/98/NT computer with concerning the encryption of passwords. You
have to apply these registry patches if you have

* NT SP3 or above (or 95 SP1 or 98) _and_
* use "Encrypted Passwords = No" in your smb.conf.

As noted above, you will then have _no_ password security on your network
and have _NO_ PDC functionality (f.e. NT Workstations are members of the
Domain, ...).

> My question is where is that parameter set? Is it in the configure or
> make file?

So this question is answered above, use "Encrypted Passwords = No", but
then no PDC. Since this note came on the NTDOM mailing list, I assume you
do want PDC functionality, so forget about unencrypted password
transmission and storage in /etc/shadow.

If you refer to my last message containing a patch to enable SWAT use
shadow passwords: This is only for SWAT, nothing else. Since swat runs on
the Samba server itself, it doesn't have to use SMB to authenticate,
instead authentication is done against the /etc/passwd database (and
hopefully against the passwords stored in /etc/shadow which - in 2.1 - is
only possible patching some files). Note anyway, that password
transmission if using SWAT is unsecure even you say "Encrypted Passwords =
Yes" in your smb.conf file, so SWAT should only be accessed from the
server itself or that near. Especially the root password can be sniffed
easily that way!

Sehr Wus,
- Matthias

Verkauft für 339,88 Dollar!
	- aus: Groundhog Day (Und täglich grüßt das Murmeltier)

More information about the samba-ntdom mailing list