making smbpasswd from /etc/passwd
Gerald Carter
gcarter at valinux.com
Wed Nov 1 19:29:51 GMT 2000
rparker at VPR.net wrote:
>
> I know that I had to patch the registry on various Win98 clients
> (in a mostly Win95 environment) to allow plaintext
> logons...will those clients still be able to log on in
> plaintext once I turn support for encrypted passwords on?
> I'll happily 'unpatch' the Win98 machines, but for the rest...
You don't have to "unpatch". In a secure world you would
of course. The registry value EnablePlainTextPasswords=0x1
enables the client to downgrade to clear test authentication
of the server does not support password encryption. It does
not disable the use of the challenge/response authentication
used by encrytion enabled servers. :-) It's a common
misunderstanding.
Now if you want to make sure that Win9x client do not
downgrade in the event that someone uses this type of attack
to harvest passwords, you will need to make the change.
If you are using domain logons, you can do this via a registry
file in the logon script.
> I'm assuming the answer is yes since samba can accept
> connections from WFW31 and DOS clients which I presume don't
> support encrypted passwords?
All MS clients support the challenge response authentication.
:-) Another common misconception.
> BTW, thanks to those who answered my question about WIN2K. I
> wasn't able to 'find' the place to enable plaintext passwords
> on the WIN2K box
Control Panel -> Admin Tools -> Local Security Settings
or something like that. The registry script is include
with recent Samba releases as well.
Cheers, jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com/ VA Linux Systems gcarter at valinux.com
http://www.samba.org/ SAMBA Team jerry at samba.org
http://www.plainjoe.org/ jerry at plainjoe.org
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
More information about the samba
mailing list