Summary of "encrypted and cleartext password in the same time" issue.

Gaurang Pandya gaubrig at yahoo.com
Mon Jan 14 10:16:09 GMT 2002 

 I have been seeing this discussion from quite a long time.
So thought let me to jump into it. So till now what i have understood is that
win95 sends unexcrypted passwords and W2K clients send it encrypted.
and thats what makes problem when they are in same domain.
Am I wrong?
Any way if that is the case i think I have a solution to this problem.
Its quiet simple (but not sure whether it will work or not need to test it out)
in [global] configuration have multiple netbois names registered by the Domain Controller (DC). 
with following entry
netbios alias = dcw95 dcw2k
then we can call the config based on the client call to it. But in this case may be new machine accounts need to 
be created atleast for W95 clients. And that can be performed by including following line in config file.
config file = /etc/samba/smb.conf.%L
on the whole the smb.conf file will contain only those two lines. And rest of the things shold be handeled by
smb.conf.dcw95 and smb.conf.dcw2k.
According to documents this config should work. But needs a test I think.
Please let me know if i am wrong any where.
Thanks.
Gaurang.
  "Barker, Brian W." <BRIAN.W.BARKER at saic.com> wrote: I have been also trying to get my UNIX Samba to work with
both win95 and win2000 and have had this problem with
encrypted vs. not. I don't understand this answer. You
say "All the listed clients will send an encrypted password
if 'encrypt passwords = yes'". But the 'encrypt passwords = yes'
is in the config file on my Unix machine, are you saying that
this will automatically make my Win95 machine send an encrypted
password? I find this hard to believe but maybe it is so. What do you
mean the clients will permit a security downgrade if the server
requests it? Can you elaborate? Maybe Martin understands...

Brian W. Barker
SAIC
Rosslyn, VA

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at pcug.org.au]
Sent: Saturday, January 12, 2002 8:13 PM
To: Martin Rusko
Cc: samba at lists.samba.org; Barker, Brian W.
Subject: Re: Summary of "encrypted and cleartext password in the same
time" issue.


Martin Rusko wrote:
> 
> Hi all,
> this is an attempt to cover all possibilities, how to access samba server
with
> clients sending cleartext password (CP clients) (original Win95, WinNT
until
> SP3) and clients sending encrypted password (EP clients) (Win98, Win2k,
> ....) at the same time. Any feedback, comments, questions or improvements
> are very welcome. :-)

All the listed clients will send an encrypted password if 'encrypt
passwords = yes'. 

The 'CP' clients you list are only different in that they will *permit*
a security downgrade if the server requests it. Later clients do not
permit this downgrade without a registry hack (for security reasons).

Andrew Bartlett

-- 
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net

-- 
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba


---------------------------------
Do You Yahoo!?
Send FREE video emails in Yahoo! Mail.
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the samba mailing list