Why WinNT wrks 4.0 does not remember SAMBA password?

Gerald W. Carter jerry at Eng.Auburn.EDU
Fri Sep 19 18:39:38 GMT 1997 

Roeland M.J. Meyer wrote:
> 
> >> my NT requests password every time when I reboot, but only on SAMBA
> >> shares, passwd from W95 shares are saved and not requested.
> >>
> >> Any suggestion?
> 
> >I belive this will go away if you use encrypted passwords on the Samba
> >server ( not sure though ).  Also once you make the initial connection (
> >validation) then all subsequent connections go through.
> 
> Nope, this will not go away unless you also set 'security = user' in the
> Samba globals section. I just had to bring HAWK up to SP3_I (3 hour
> download at 28.8K <sigh>) and one of the consequences is that I had to
> implement encryption in Samba.

Yes.  I guess I took for granted that small detail  :-/  Sorry

> 
> >An interesting note to this is that if you use a Samba box to server the
> >homes directories for you NT accounts, then this connects up normally at
> >logon time with NO prompt for a password.  If the connection is done as
> >a presistent connection ( reconnect on login ) then it does ask for a
> >password.  A dump of the packets revleals that NT passes the password
> >across for the home directory automatically but not for the persistent
> >connection [hmmmmmm......]
> 
> Yeah, a major security leak. We don't allow 'security = user' because of
> this. I'll find out how persistent this leak is when I install the Secure
> Desktop, from Datafellows, next month. I hope that SSH will help with this.
> 
> BTW, the problem is with Microsoft.

But of course....

> >Anyway, if you mount the use's home directory from a Samba server then
> >all other connect to THAT server will go through without asking for a
> >password because the user has already been validated.
> 
> And this is a real problem. If you are Admin and a users asks for help. You
> sometimes have your trick Admin stuff on a LAN directory so you don't have
> to drag a load of disks around. Regardless of what's on the server, in USER
> security mode, if you then log into your Admin share (login w/ uuid and
> passwd) , that machine will always remember how to do that. Even through a
> power cycle and killing the smbd processes on the Linux Samba server (condor).

No.  and besides the remember connections is on the client in the
registry.
You can prevent the NT client from trying to reconnect at a later login
by 

	net use /persistent:no

disconnect all shares by the user to the server and then connect as the
admin.

And besides that, Samba always asks for a password on the first
connection in 
our setup here.  Samba 1.9.16p11 on Solaris 2.5.1 from NT4.0 w/sp3 and
plain
text passwords enabled on the client.

j-
________________________________________________________________________
                          Gerald ( Jerry ) Carter	
Engineering Network Services                           Auburn University 
jerry at eng.auburn.edu             http://www.eng.auburn.edu/users/cartegw

       "...a hundred billion castaways looking for a home."
                                  - Sting "Message in a Bottle" ( 1979 )
________________________________________________________________________

More information about the samba mailing list