[Samba] Windows XP and plain text password

John H Terpstra jht at samba.org
Thu Mar 13 15:52:46 GMT 2003 

On Thu, 13 Mar 2003, Kenny Mann wrote:

> http://quics.qnx.com/cgi-bin/print_des.cgi?/usr/free/qnx4/tcpip/utils/+s
> amba-qnxbin-2.0.7.tgz

2.0.7 is way ancient - do you not have a more up to date version?

In any case Samba has it's own crypto routines for MS Windows clients.
Does your version have a binary called 'smbpasswd'? If so, then that is
what you need to create the encrypted password database.

Also, check the output of:
	testparm | grep encrypt

If it has a line that says 'encrypt passwords' then it is most likely that
your versions DOES have support for encrypted password handling.

As I indicated, plain text password support in MS Windows products had
most likely NOT been maintained since it was disabled by default. If you
revert to plain text passwords you will almost certainly run into serious
problems.

- John T.


> "You should also read the samba docs. Especially those concerning WinNT,
> Win98 and W2K where encrypted password negotiation is used by default.
> It's all explained in the docs how to revert back to clear-text
> negotiation.
> Basically you need to do some nasty registry hacking to achieve this.
> On the other hand, you could also enable encryption in samba. I've heard
> reports that this works with at least WinNT."
>
> (That's not a link to a file above, it's a link to a page with that text
> in it)
> If there is a way to do encpryted password, I would be serisously rock
> if it was found!
> :-)
>
> THANKS!
>
> --KM
>
>
> > -----Original Message-----
> > From: John H Terpstra [mailto:jht at samba.org]
> > Sent: Wednesday, March 12, 2003 10:47 PM
> > To: Kenny Mann
> > Cc: Andrew Bartlett; ; Sacha HAEGELIN
> > Subject: RE: [Samba] Windows XP and plain text password
> >
> >
> > On Wed, 12 Mar 2003, Kenny Mann wrote:
> >
> > > I have yet to find samba for QNX with encpryption nor do I have the
> > > time to port it. If perhaps you know of a location (and I
> > have tried
> > > google, although only for a short search), I would be more
> > than happy
> > > to listen however that is the only method that I know.
> > >
> > > BTW, IF someone enabled plaintextpassword's does that mean
> > that ALL of
> > > there passwords are plaintext or just any that can't be encrpyted?
> >
> > Re-enabling plain text password support by the registry
> > change does NOT disable encrypted password support at all. It
> > just re-enables plain text based authentication.
> >
> > MS Windows clients do NOT cache the plain text password, only
> > the encrypted password. So if you do not enable encrypted
> > passwords on Samba then when the MS Windows client drops a
> > connection and later tries to restore the connection, this
> > later re-connect can only send the encrypted password which
> > will fail if you do not have this enabled in samba. The
> > result then will be a blue kiss of death screen on the client.
> >
> > To enable encrypted passwords in samba: In smb.conf [globals] put:
> > 	encrypted password = Yes
> >
> > Then for each of your users:
> > 	smbpasswd -a 'usern_name'
> >
> > For some time now samba compiles in encrypted password
> > ability, you just need to enable it as per above.
> >
> > - John T.
> >
> > >
> > > THANKS!
> > >
> > > --KM
> > >
> > > > -----Original Message-----
> > > > From: Andrew Bartlett [mailto:abartlet at samba.org]
> > > > Sent: Wednesday, March 12, 2003 3:55 PM
> > > > To: Kenny Mann
> > > > Cc: John H Terpstra; Sacha HAEGELIN; samba at lists.samba.org
> > > > Subject: RE: [Samba] Windows XP and plain text password
> > > >
> > > >
> > > > On Thu, 2003-03-13 at 05:01, Kenny Mann wrote:
> > > > > Samba built for OS's such as QNX do not have the encryption
> > > > > capability. You must have plain text turned on. Perhaps he
> > > > is in the
> > > > > same position.
> > > >
> > > > Why?  It's certainly not a code-size issue, as there are
> > much bigger
> > > > parts of samba...
> > > >
> > > > It seems a pretty lame excuse for almost complete incompatibility
> > > > with out-of-the-box installations.
> > > >
> > > > Andrew Bartlett
> > > >
> > > > --
> > > > Andrew Bartlett
> > abartlet at pcug.org.au
> > > > Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
> > > > Student Network Administrator, Hawker College
> > abartlet at hawkerc.net
> > > > http://samba.org     http://build.samba.org     http://hawkerc.net
> > > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  http://lists.samba.org/mailman/listinfo/samba
> > >
> >
> > --
> > John H Terpstra
> > Email: jht at samba.org
> >
>

-- 
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list