Supporting both non encrypted and encrypted passwords

Marc Merlin marc_merlin at magic.metawire.com
Mon Aug 3 16:46:44 GMT 1998 

On Mon, Aug 03, 1998 at 08:38:13AM +0100, Langsteiner Martin ZFF IE-F wrote:
> 	Marc Merlin wrote:
>       >... is there any  other way to have Samba support  both at the same
>       >time without  having to give it  a list of clients  and protocol to
>       >use?
> 
> I setup  the smbpasswd file as  described in ENCRYPTION.txt (in  the Samba
> documentation),  and, as  we are  _only_ 12  users wanting  to access  the
> shares, gave  everyone a simple  initial samba password. Then I  asked the
> NT4 users to login to the samba server (Linux 2.x, Samba 1.9.18p8) as Unix
> users and change their samba password with the smbpasswd command.
> After this,  everyone got access  to the samba shares,  be he NT4  or WFWG
> user.

Mmmh. So  you  are  saying  that  WfWg  users  are  authentificated  against
/etc/passwd and NT4+SP3 users authentificated against smbpasswd?
How did you setup /etc/smb.conf to accomplish this? 

> 	As I understood ENCRYPTION.txt, Unix is not able to check LANMAN
> or NT4 encrypted passwords directly against the (original) Unix password
> file, because both are one-way hashed, but with different methods. So I
> conclude that Samba needs its extra smbpasswd file to verify NT4 logons
> at all.

That is correct. Note that I understand the problem very well, being why you
need both password files. I am  just hoping  that you'd be able to get samba
to  automatically  test  against  /etc/password or  smbpasswd  depending  on
whether the password session was encrypted; or even better: try an encrypted
password session, test the result  in smbpasswd, and fallback on /etc/passwd
if  you don't  have a  match  _and_ the  client accepts  to renegociate  the
password in plaintext form.
>From what I read, it looks like I need to tell samba what to negociate with
which clients, when I think it could autodetect it.

> 	Good luck, 

Thanks,
Marc
-- 
Home page: http://magic.metawire.com/~merlin/ (browser friendly)
Finger merlin at magic.metawire.com for PGP key and other contact information

More information about the samba mailing list