Encrypted and cleartext at the same time?

Luke Kenneth Casson Leighton lkcl at switchboard.net
Thu Oct 16 12:02:51 GMT 1997

On Wed, 15 Oct 1997, Leslie Mikesell wrote:

> > > Is it possible to make samba accept both cleartext and encrypted
> > > passwords, and continue to match the cleartext against the
> > > unix password file?
> > 
> > you cannot select by username, the reason being that the negotiation SMBs 
> > incidate encrypted or cleartext password capability _before_ a session 
> > setup SMB, which indicates username and password.
> Which end controls this?


>  I'm perfectly happy to continue to accept
> cleartext from any client that offers it.  This is a firewalled
> business environment where people aren't going to be sniffing
> passwords unless they are being paid to do that, in which case they
> already know the root password.  I just want to be able to continue
> to work as people install the SP3 virus, err... upgrade.

Enable plain text passwords, then (see docs/*.reg)
> > an alternative would be to have two NetBIOS names for your server.  have 
> > "include = smb.conf.%M", and in smb.conf.SERVER_ENC have one line 
> > "encrypted passwords = yes".
> > 
> > then ask people to use the other NetBIOS name when connecting from NT 
> > SP3.  apart from anything, they'll find that they _can't_ connect to the 
> > old name.

ok, well we've got someone working on "migrate passwords = yes", where it 
will take the clear-text passwords, once verified against the unix login, 
and generate an entry in smbpasswd.

within one week of running "migrate passwords = yes" you will have a full 
smbpasswd database, and be able to do "encrypt passwords = yes" instead.


More information about the samba mailing list