encrypt passwords = yes

Gerald Carter gcarter at valinux.com
Fri Aug 10 14:59:05 GMT 2001

On Tue, 7 Aug 2001, Rafal Szczesniak wrote:

> On Tue, 7 Aug 2001, Gerald Carter wrote:
> > On Tue, 7 Aug 2001, Rafal Szczesniak wrote:
> >
> > > I've observed the following situation:
> > > Explicitly setting encrypted passwords to "yes" makes smbd
> > > using NT password hash and authentication works fine. When I
> > > comment "encrypted passwords" out, smbd checks password
> > > against Lanman hash and everytime authentication fails
> >
> > No.  'encrypt passwords = no' checks against /etc/passwd.
> > My guess is that ytou are using MD5 passwords in /etc/shadow
> > and didn't enable --with-pam when compiling (or did not
> > create /etc/pam.d/samba)
> So, the log message 'Defaulting to Lanman password for XYZ'
> means that smbd is checking my password hash against Lanman
> hash in smbpasswd(5) or /etc/shadow ?
> If I leave smb.conf(5) without "encrypt passwords" then it
> should be set (by smbd run-time) to "yes". What is the
> default hash the smbd uses then ?

No that would mean that the client is sending the password
hash.  'encrypt passwords' defaults to no.

I'm confused.  Can we back up?  So with 'encrypt passwords
= no' you are still getting the 'Defaulting to Lanman password
for XYZ' in the log?  What client is this?

cheers, jerry
 www.valinux.com         VA Linux Systems       gcarter_at_valinux.com
 www.samba.org              SAMBA Team              jerry_at_samba.org
 www.plainjoe.org                                jerry_at_plainjoe.org
 --"I never saved anything for the swim back." Ethan Hawk in Gattaca--

More information about the samba-technical mailing list