Supporting both non encrypted and encrypted passwords
Marc Merlin
marc_merlin at magic.metawire.com
Mon Aug 3 16:46:44 GMT 1998
On Mon, Aug 03, 1998 at 08:38:13AM +0100, Langsteiner Martin ZFF IE-F wrote:
> Marc Merlin wrote:
> >... is there any other way to have Samba support both at the same
> >time without having to give it a list of clients and protocol to
> >use?
>
> I setup the smbpasswd file as described in ENCRYPTION.txt (in the Samba
> documentation), and, as we are _only_ 12 users wanting to access the
> shares, gave everyone a simple initial samba password. Then I asked the
> NT4 users to login to the samba server (Linux 2.x, Samba 1.9.18p8) as Unix
> users and change their samba password with the smbpasswd command.
> After this, everyone got access to the samba shares, be he NT4 or WFWG
> user.
Mmmh. So you are saying that WfWg users are authentificated against
/etc/passwd and NT4+SP3 users authentificated against smbpasswd?
How did you setup /etc/smb.conf to accomplish this?
> As I understood ENCRYPTION.txt, Unix is not able to check LANMAN
> or NT4 encrypted passwords directly against the (original) Unix password
> file, because both are one-way hashed, but with different methods. So I
> conclude that Samba needs its extra smbpasswd file to verify NT4 logons
> at all.
That is correct. Note that I understand the problem very well, being why you
need both password files. I am just hoping that you'd be able to get samba
to automatically test against /etc/password or smbpasswd depending on
whether the password session was encrypted; or even better: try an encrypted
password session, test the result in smbpasswd, and fallback on /etc/passwd
if you don't have a match _and_ the client accepts to renegociate the
password in plaintext form.
>From what I read, it looks like I need to tell samba what to negociate with
which clients, when I think it could autodetect it.
> Good luck,
Thanks,
Marc
--
Home page: http://magic.metawire.com/~merlin/ (browser friendly)
Finger merlin at magic.metawire.com for PGP key and other contact information
More information about the samba
mailing list