Encrypted and cleartext at the same time?
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Thu Oct 16 12:02:51 GMT 1997
On Wed, 15 Oct 1997, Leslie Mikesell wrote:
> > > Is it possible to make samba accept both cleartext and encrypted
> > > passwords, and continue to match the cleartext against the
> > > unix password file?
> > you cannot select by username, the reason being that the negotiation SMBs
> > incidate encrypted or cleartext password capability _before_ a session
> > setup SMB, which indicates username and password.
> Which end controls this?
> I'm perfectly happy to continue to accept
> cleartext from any client that offers it. This is a firewalled
> business environment where people aren't going to be sniffing
> passwords unless they are being paid to do that, in which case they
> already know the root password. I just want to be able to continue
> to work as people install the SP3 virus, err... upgrade.
Enable plain text passwords, then (see docs/*.reg)
> > an alternative would be to have two NetBIOS names for your server. have
> > "include = smb.conf.%M", and in smb.conf.SERVER_ENC have one line
> > "encrypted passwords = yes".
> > then ask people to use the other NetBIOS name when connecting from NT
> > SP3. apart from anything, they'll find that they _can't_ connect to the
> > old name.
ok, well we've got someone working on "migrate passwords = yes", where it
will take the clear-text passwords, once verified against the unix login,
and generate an entry in smbpasswd.
within one week of running "migrate passwords = yes" you will have a full
smbpasswd database, and be able to do "encrypt passwords = yes" instead.
More information about the samba