[Samba] 95 and NT cannot access shares

Don Zajic donald.zajic at verizon.net
Tue Feb 25 00:03:14 GMT 2003 

Bill and John, I stand VERY corrected.  Long days, short nights, new
job, no other good excuses.  I will make an effort to thoroughly
research the issue prior to making a response.

Dave, I hope that my response did not cause you too much confusion or
frustration.

Don Zajic

-----Original Message-----
From: samba-bounces+donald.zajic=verizon.net at lists.samba.org
[mailto:samba-bounces+donald.zajic=verizon.net at lists.samba.org] On
Behalf Of John H Terpstra
Sent: Monday, February 24, 2003 12:55 PM
To: William R. Knox
Cc: samba at lists.samba.org; Don Zajic
Subject: RE: [Samba] 95 and NT cannot access shares


On Mon, 24 Feb 2003, William R. Knox wrote:

Bill,

Thanks for jumping in here. I'd like to reinforce your correction. Would
everyone please take note!

Someone who does a search on the samba mailing lists on this subject
will find many incorrect assertions regarding encrypted password support
in MW Windows products. Bill, your comments here are absolutely correct.

> The information provided here about the use of encrypted passwords is 
> not true.

NOTE THIS NEXT STATEMENT!!

> NT began to ENFORCE the use of encrypted passwords with SP3, and Win95

> the same with (I believe) OSR2, but ALL versions of these OSes 
> supported encrypted passwords.

Please note also, that it is possible to use the PlainText registry
hacks to re-enable support for clear text passwords, but MS Windows
clients will cache only the encrypted password. This means that when the
Windows client drops a share connection (through time-out or for any
other reason) then on attempt to re-use the share the Windows client
will send the encrypted password in the attempt to reconnect (it does
not have the plain text password in it's cache). This can cause a blue
screen problem and may cause nasty application failures.

SO:

It is best NOT to use plain text passwords, instead use only encrypted
passwords - PARTICULARLY given that ALL MS Windows network clients
support encrypted passwords.

- John T.

>
> 			Bill Knox
> 			Senior Operating Systems Programmer/Analyst
> 			The MITRE Corporation
>
> On Mon, 24 Feb 2003, Don Zajic wrote:
>
> > Date: Mon, 24 Feb 2003 04:22:44 -0500
> > From: Don Zajic <donald.zajic at verizon.net>
> > To: 'Dave Ansell' <dave at theansells.com>, samba at lists.samba.org
> > Subject: RE: [Samba] 95 and NT cannot access shares
> >
> > Off the top of my head, I would say that using Encrypted passwords 
> > is greate for W2K and XP, however, 95 does not use encrypted 
> > passwords and unless you are using SP3 or above on NT, it also does 
> > not use encrypted password.  Since you are mixing your flavors of 
> > Windows from 95 to XP, you probably need to disable encrypted 
> > password and use plain text passwords throughout your domain.
> >
> > encrypt password = no
> >
> > You also need to apply the .reg files to change from encrypted to 
> > plaintext according to your windows version.  These .reg files are 
> > located in your docs/Registry directory.
> >
> > Don Zajic
> >
> >
> > -----Original Message-----
> > From: samba-bounces+donald.zajic=verizon.net at lists.samba.org
> > [mailto:samba-bounces+donald.zajic=verizon.net at lists.samba.org] On 
> > Behalf Of Dave Ansell
> > Sent: Sunday, February 23, 2003 4:07 AM
> > To: samba at lists.samba.org
> > Subject: [Samba] 95 and NT cannot access shares
> >
> >
> > I have file and print sharing set up on Linux (Mandrake 9.0).
> >
> > It all works fine with 2000 and XP clients, but 95 and NT clients 
> > don't seem to be able to access.
> >
> > Any ideas?
> > Thanks,
> > Dave
> >
> >
> > Typical log entry from Samba:
> >
> > [2003/02/22 16:21:37, 0] smbd/service.c:make_connection(599)
> >   wvo1314904 (192.168.1.10) Can't change directory to 
> > /home/samba/public (Permission denied)
> >
> > My sbm.conf is:
> >
> > [global]
> >  workgroup = Waterlooville
> >  security = SHARE
> >  encrypt passwords = Yes
> >  passwd program = /usr/bin/passwd %u
> >  passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* 
> > %n\n unix password sync = Yes  log file = /var/log/samba/log.%m  max

> > log size = 50  socket options = TCP_NODELAY SO_RCVBUF=8192 
> > SO_SNDBUF=8192  dns proxy = No
> >
> > [public]
> >  comment = Public Stuff
> >  path = /home/samba/public
> >  write list = @staff
> >  read only = No
> >  guest ok = Yes
> >
> > [printers]
> >  comment = All Printers
> >  path = /var/spool/samba
> >  create mask = 0700
> >  guest ok = Yes
> >  printable = Yes
> >  print command = /usr/bin/lpr -r -s -P%p %s
> >  browseable = No
> >  printer admin = davea
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> >
>
>
>

-- 
John H Terpstra
Email: jht at samba.org
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list