ERROR: in 'security=domain' mode the 'encrypt passwords' parameter must also be set to 'true'

Steve Langasek vorlon at
Tue Jul 9 12:30:03 GMT 2002


Playing with my smb.conf on a new server (2.2.5), I noticed that the
'security=domain' and 'encrypt passwords=yes' parameters are somewhat
redundant.  When commenting out the 'encrypt passwords' line, testparm
gave me the error in the subj.  I know some config options (such as
'domain master') have recently added a default of 'auto'; is there any
reason not to do the same for 'encrypt passwords' in Samba 3.0?  I would
propose an 'encrypt passwords = auto' that behaves like the pseudocode

if (exists $(smb passwd file) || has_valid_pdb_backend() || $security == domain)
	encrypt passwords = yes
	encrypt passwords = no

Are there disadvantages to such an approach?

Steve Langasek
postmodern programmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :

More information about the samba-technical mailing list