making smbpasswd from /etc/passwd

Gerald Carter gcarter at
Wed Nov 1 19:29:51 GMT 2000

rparker at wrote:
> I know that I had to patch the registry on various Win98 clients
> (in a mostly Win95 environment) to allow plaintext
> logons...will those clients still be able to log on in
> plaintext once I turn support for encrypted passwords on?
> I'll happily 'unpatch' the Win98 machines, but for the rest...

You don't have to "unpatch".  In a secure world you would 
of course.  The registry value EnablePlainTextPasswords=0x1
enables the client to downgrade to clear test authentication
of the server does not support password encryption.  It does
not disable the use of the challenge/response authentication
used by encrytion enabled servers. :-)  It's a common 

Now if you want to make sure that Win9x client do not 
downgrade in the event that someone uses this type of attack
to harvest passwords, you will need to make the change.
If you are using domain logons, you can do this via a registry
file in the logon script.

> I'm assuming the answer is yes since samba can accept
> connections from WFW31 and DOS clients which I presume don't
> support encrypted passwords?

All MS clients support the challenge response authentication.
:-)  Another common misconception.

> BTW, thanks to those who answered my question about WIN2K. I
> wasn't able to 'find' the place to enable plaintext passwords
> on the WIN2K box

Control Panel -> Admin Tools -> Local Security Settings

or something like that.  The registry script is include 
with recent Samba releases as well.

Cheers, jerry
   /\  Gerald (Jerry) Carter                     Professional Services
 \/  VA Linux Systems   gcarter at       SAMBA Team          jerry at                     jerry at

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )

More information about the samba mailing list