[Samba] passwd encryption
abartlet at pcug.org.au
Sat May 11 06:35:03 GMT 2002
Mohamed Aly wrote:
> thanx for your reply but iam not agree with you coz i think that
> "Encrypt Passwords = yes" option is used just when other NT machines want to
> connect to your samba server coz NT by default using encrypted pass so i have
> to enable passwd encreption on my samba server and define the encreption
> passwd file for it .
> but iam asking about the reversed operation . when iam tring to connect to NT
> machine from smbclient command the passwd is encrypted as well or not ?
> "iam tring to be sure about it coz i dont want to let someone sniff my NT
> passwd :)) "
As I said in my other reply (and to ensure there is no confusion in the
As a client: Samba will encrypt passwords to an encrypting passwords
server IFF the server claims to support it. The 'encrypt passwords'
smb.conf paramater has no effect on samba *clients*.
However, there is presently no option that *requires* password
encryption, so sombody can use a MITM (man in the middle) attack to
'turn off' encrypted password support on the server. Similarly, Samba
always sends both the LM and NT passwords - the LM password can be
cracked in hours on modern PC hardware.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba