[Samba] 95 and NT cannot access shares

John H Terpstra jht at samba.org
Mon Feb 24 17:54:40 GMT 2003 

On Mon, 24 Feb 2003, William R. Knox wrote:

Bill,

Thanks for jumping in here. I'd like to reinforce your correction. Would
everyone please take note!

Someone who does a search on the samba mailing lists on this subject will
find many incorrect assertions regarding encrypted password support in MW
Windows products. Bill, your comments here are absolutely correct.

> The information provided here about the use of encrypted passwords is not
> true.

NOTE THIS NEXT STATEMENT!!

> NT began to ENFORCE the use of encrypted passwords with SP3, and
> Win95 the same with (I believe) OSR2, but ALL versions of these OSes
> supported encrypted passwords.

Please note also, that it is possible to use the PlainText registry hacks
to re-enable support for clear text passwords, but MS Windows clients will
cache only the encrypted password. This means that when the Windows client
drops a share connection (through time-out or for any other reason) then
on attempt to re-use the share the Windows client will send the encrypted
password in the attempt to reconnect (it does not have the plain text
password in it's cache). This can cause a blue screen problem and may
cause nasty application failures.

SO:

It is best NOT to use plain text passwords, instead use only encrypted
passwords - PARTICULARLY given that ALL MS Windows network clients support
encrypted passwords.

- John T.

>
> 			Bill Knox
> 			Senior Operating Systems Programmer/Analyst
> 			The MITRE Corporation
>
> On Mon, 24 Feb 2003, Don Zajic wrote:
>
> > Date: Mon, 24 Feb 2003 04:22:44 -0500
> > From: Don Zajic <donald.zajic at verizon.net>
> > To: 'Dave Ansell' <dave at theansells.com>, samba at lists.samba.org
> > Subject: RE: [Samba] 95 and NT cannot access shares
> >
> > Off the top of my head, I would say that using Encrypted passwords is
> > greate for W2K and XP, however, 95 does not use encrypted passwords and
> > unless you are using SP3 or above on NT, it also does not use encrypted
> > password.  Since you are mixing your flavors of Windows from 95 to XP,
> > you probably need to disable encrypted password and use plain text
> > passwords throughout your domain.
> >
> > encrypt password = no
> >
> > You also need to apply the .reg files to change from encrypted to
> > plaintext according to your windows version.  These .reg files are
> > located in your docs/Registry directory.
> >
> > Don Zajic
> >
> >
> > -----Original Message-----
> > From: samba-bounces+donald.zajic=verizon.net at lists.samba.org
> > [mailto:samba-bounces+donald.zajic=verizon.net at lists.samba.org] On
> > Behalf Of Dave Ansell
> > Sent: Sunday, February 23, 2003 4:07 AM
> > To: samba at lists.samba.org
> > Subject: [Samba] 95 and NT cannot access shares
> >
> >
> > I have file and print sharing set up on Linux (Mandrake 9.0).
> >
> > It all works fine with 2000 and XP clients, but 95 and NT clients don't
> > seem to be able to access.
> >
> > Any ideas?
> > Thanks,
> > Dave
> >
> >
> > Typical log entry from Samba:
> >
> > [2003/02/22 16:21:37, 0] smbd/service.c:make_connection(599)
> >   wvo1314904 (192.168.1.10) Can't change directory to /home/samba/public
> > (Permission denied)
> >
> > My sbm.conf is:
> >
> > [global]
> >  workgroup = Waterlooville
> >  security = SHARE
> >  encrypt passwords = Yes
> >  passwd program = /usr/bin/passwd %u
> >  passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
> > unix password sync = Yes  log file = /var/log/samba/log.%m  max log size
> > = 50  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192  dns
> > proxy = No
> >
> > [public]
> >  comment = Public Stuff
> >  path = /home/samba/public
> >  write list = @staff
> >  read only = No
> >  guest ok = Yes
> >
> > [printers]
> >  comment = All Printers
> >  path = /var/spool/samba
> >  create mask = 0700
> >  guest ok = Yes
> >  printable = Yes
> >  print command = /usr/bin/lpr -r -s -P%p %s
> >  browseable = No
> >  printer admin = davea
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> >
>
>
>

-- 
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list