Summary of [Re: Default encrypted passwords = yes?]
jay at toltec.metran.cx
Thu Sep 27 17:26:02 GMT 2001
> On Thu, 27 Sep 2001, Jay Ts wrote:
> > - documentation: make sure it is clear to new admins that
> > encrypted passwords need to be used unless there are
> > "legacy" Win95, WinNT or older systems on the net.
> Sorry. This is one of my pet peeves. All MS clients
> can use NTLMv1.
I apologize if I touched a sore nerve. I wasn't writing
as clearly as I could have (or maybe I simply don't know
what I'm talking about! ;-) What I meant was that encrypted
passwords are used _by_default_ in the contemporary Windows
releases, and so it is necessary to configure Samba for them.
I am calling Win95 and WinNT "legacy" because Win95 is getting
severely old, and WinNT 4.0, although still useful, really (= IMO ;-)
should be patched with a Service Pack that includes Y2K fixes,
all of which (SP 4-6) include the encrypted password update,
same as in SP3. (So "legacy NT" here means NT 4.0 SP2 or earlier.)
That is correct, or am I missing something? To get newer
Windows releases to use the NTLMv1 system, is that the
same (identical) as needing to change the registry to
enable plaintext passwords? Or is there something different
here that you are referring to? ** slightly confused **
Somewhere in here my point is that _new_admins_ shouldn't
be directed to make registry changes to enable plaintext
passwords unless they really, really have to, to support
those older Windows/DOS versions. I think a much better
documentation strategy would be to point them to the service
pack or other update that will enable encrypted passwords,
and only use the registry mods as a last-resort fallback.
Any argument there? Because if there is, I must be missing
something really basic, and I'd like to know what...
- Jay Ts
jayts at iname.com
More information about the samba-technical