[Samba] passwd encryption

Andrew Bartlett abartlet at pcug.org.au
Sat May 11 06:35:03 GMT 2002

Mohamed Aly wrote:
> John,
> thanks for your reply, but I do not agree with you, because I think that the
> "Encrypt Passwords = yes" option is used just when other NT machines want to
> connect to your Samba server, because NT by default uses encrypted passwords, so I have
> to enable passwd encryption on my Samba server and define the encryption
> passwd file for it.
> But I am asking about the reverse operation. When I am trying to connect to an NT
> machine with the smbclient command, is the passwd encrypted as well or not?
> "I am trying to be sure about it because I don't want to let someone sniff my NT
> passwd :)) "

As I said in my other reply (and to ensure there is no confusion in the

As a client:  Samba will encrypt passwords to an encrypting passwords
server IFF the server claims to support it.  The 'encrypt passwords'
smb.conf parameter has no effect on samba *clients*.

However, there is presently no option that *requires* password
encryption, so somebody can use a MITM (man in the middle) attack to
'turn off' encrypted password support on the server.  Similarly, Samba
always sends both the LM and NT passwords - the LM password can be
cracked in hours on modern PC hardware.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
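
Added example, not part of the original message and not Samba's own code: a client-side check of the kind the reply says was missing, deciding from the SecurityMode byte of an SMB1 NT LM 0.12 negotiate response whether to authenticate. The `require_encryption` switch, the function names and the sample reply builder are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SMB_HDR_LEN        32    /* fixed SMB1 header size */
#define SMB_COM_NEGOTIATE  0x72
#define NT_LM_WORDCOUNT    17    /* WordCount of an NT LM 0.12 negotiate response */
#define NEG_ENCRYPT_PW     0x02  /* SecurityMode bit: challenge/response supported */

enum auth_decision { AUTH_ENCRYPTED, AUTH_PLAINTEXT, AUTH_REFUSE, AUTH_BAD_REPLY };

/* Decide how to authenticate from the server's negotiate response.
 * require_encryption is a hypothetical client policy switch. */
enum auth_decision decide_auth(const uint8_t *pkt, size_t len, int require_encryption)
{
    /* Need header + WordCount + the full parameter block. */
    if (len < SMB_HDR_LEN + 1 + NT_LM_WORDCOUNT * 2)
        return AUTH_BAD_REPLY;
    if (memcmp(pkt, "\xffSMB", 4) != 0 || pkt[4] != SMB_COM_NEGOTIATE)
        return AUTH_BAD_REPLY;
    if (pkt[SMB_HDR_LEN] != NT_LM_WORDCOUNT)
        return AUTH_BAD_REPLY;  /* some other dialect's layout */

    /* Layout after the header: WordCount(1), DialectIndex(2), SecurityMode(1). */
    uint8_t security_mode = pkt[SMB_HDR_LEN + 3];
    if (security_mode & NEG_ENCRYPT_PW)
        return AUTH_ENCRYPTED;

    /* The reply claims no encryption support. Without a policy the client
     * would follow that claim; with one, it stops before sending anything. */
    return require_encryption ? AUTH_REFUSE : AUTH_PLAINTEXT;
}

/* Constructed sample input: a minimal negotiate response with the given
 * SecurityMode and every other field zeroed. Returns its length, 0 if no room. */
size_t build_sample_reply(uint8_t *buf, size_t cap, uint8_t security_mode)
{
    size_t need = SMB_HDR_LEN + 1 + NT_LM_WORDCOUNT * 2 + 2; /* + ByteCount */
    if (cap < need)
        return 0;
    memset(buf, 0, need);
    memcpy(buf, "\xffSMB", 4);
    buf[4] = SMB_COM_NEGOTIATE;
    buf[SMB_HDR_LEN] = NT_LM_WORDCOUNT;
    buf[SMB_HDR_LEN + 3] = security_mode;
    return need;
}
```

The negotiate response is not authenticated at this stage, so the check can only refuse to proceed; it cannot tell whether the cleared bit came from the server or from something in the path.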
