Summary of "encrypted and cleartext password in the same time" issue.

Martin Rusko rusko at kam.vm.stuba.sk
Mon Jan 14 11:46:03 GMT 2002 

No, no extra configuration at win95 side is needed. Just use "encrypt 
passwords = yes", because others won't work (without registry hack). ;-)

I was three years thinking, that something is needed!!!! And what really 
scared me is, that I don't know why I thought it. Because it is working 
without any changes on win95. ;-((
I should drink less. ;-)))

     mARTin

On 14 Jan 02, at 11:04, Gaurang Pandya wrote:

> 
>  Ok, then is there any extra configuration needed at Windows 95 side to either send
> passwds in plain text or encrypted fomat. Or it just behaves in the way its specified in smb.conf file?
> Gaurang.
>   Martin Rusko <rusko at kam.vm.stuba.sk> wrote: No, it was completely my fault. 
> Windows 95 are able to send encrypted password and if needed also are 
> able to send password in plain text form.
> Win2k will never send cleartext password, until changed in registry. 
> 
> So Brian, probably will have another problem. Because with "encrypt 
> password = yes" it should work for both type of clients, also in the same 
> workgroup/domain. ;-)
> 
> mARTin
> On 14 Jan 02, at 10:02, Gaurang Pandya wrote:
> 
> > 
> > I have been seeing this discussion from quite a long time.
> > So thought let me to jump into it. So till now what i have understood is that
> > win95 sends unexcrypted passwords and W2K clients send it encrypted.
> > and thats what makes problem when they are in same domain.
> > Am I wrong?
> > Any way if that is the case i think I have a solution to this problem.
> > Its quiet simple (but not sure whether it will work or not need to test it out)
> > in [global] configuration have multiple netbois names registered by the Domain Controller (DC).
 
> > with following entry
> > netbios alias = dcw95 dcw2k
> > then we can call the config based on the client call to it. But in this case may be new machine
 accounts need to 
> > be created atleast for W95 clients. And that can be performed by including following line in co
nfig file.
> > config file = /etc/samba/smb.conf.%L
> > on the whole the smb.conf file will contain only those two lines. And rest of the things shold 
be handeled by
> > smb.conf.dcw95 and smb.conf.dcw2k.
> > According to documents this config should work. But needs a test I think.
> > Please let me know if i am wrong any where.
> > Thanks.
> > Gaurang.
> > "Barker, Brian W." 
> wrote: I have been also trying to get my UNIX Samb
> a to work with
> > both win95 and win2000 and have had this problem with
> > encrypted vs. not. I don't understand this answer. You
> > say "All the listed clients will send an encrypted password
> > if 'encrypt passwords = yes'". But the 'encrypt passwords = yes'
> > is in the config file on my Unix machine, are you saying that
> > this will automatically make my Win95 machine send an encrypted
> > password? I find this hard to believe but maybe it is so. What do you
> > mean the clients will permit a security downgrade if the server
> > requests it? Can you elaborate? Maybe Martin understands...
> > 
> > Brian W. Barker
> > SAIC
> > Rosslyn, VA
> > 
> > -----Original Message-----
> > From: Andrew Bartlett [mailto:abartlet at pcug.org.au]
> > Sent: Saturday, January 12, 2002 8:13 PM
> > To: Martin Rusko
> > Cc: samba at lists.samba.org; Barker, Brian W.
> > Subject: Re: Summary of "encrypted and cleartext password in the same
> > time" issue.
> > 
> > 
> > Martin Rusko wrote:
> > > 
> > > Hi all,
> > > this is an attempt to cover all possibilities, how to access samba server
> > with
> > > clients sending cleartext password (CP clients) (original Win95, WinNT
> > until
> > > SP3) and clients sending encrypted password (EP clients) (Win98, Win2k,
> > > ....) at the same time. Any feedback, comments, questions or improvements
> > > are very welcome. :-)
> > 
> > All the listed clients will send an encrypted password if 'encrypt
> > passwords = yes'. 
> > 
> > The 'CP' clients you list are only different in that they will *permit*
> > a security downgrade if the server requests it. Later clients do not
> > permit this downgrade without a registry hack (for security reasons).
> > 
> > Andrew Bartlett
> > 
> > -- 
> > Andrew Bartlett abartlet at pcug.org.au
> > Manager, Authentication Subsystems, Samba Team abartlet at samba.org
> > Student Network Administrator, Hawker College abartlet at hawkerc.net
> > http://samba.org http://build.samba.org http://hawkerc.net
> > 
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions: http://lists.samba.org/mailman/listinfo/samba
> > 
> > 
> > ---------------------------------
> > Do You Yahoo!?
> > Send FREE video emails in Yahoo! Mail.
> 
> 
> --
> Martin Rusko
> PhD student
> Slovak Technical University
> Faculty of Mechanical Engineering
> Department of Automation
> --
> e-mail: rusko at kam.vm.stuba.sk
> mobile: +421 903 246698
> --
> motto: We are Microsoft! Resistance is futile. 
> Open your source code and prepare for assimilation.
> 
> 
> ---------------------------------
> Do You Yahoo!?
> Send FREE video emails in Yahoo! Mail.


--
Martin Rusko
PhD student
Slovak Technical University
Faculty of Mechanical Engineering
Department of Automation
--
e-mail: rusko at kam.vm.stuba.sk
mobile: +421 903 246698

More information about the samba mailing list