[Samba] Win98/2000 with plaintext?

John H Terpstra jht at samba.org
Thu Jan 8 16:26:00 GMT 2004

On Thu, 8 Jan 2004, Jan Engelhardt wrote:

> >> just a pretty short and up-to-the-point question:
> >>  Is it possible to run Samba both for Windows 98SE and Windows 2000
> >>  Professional using plaintext passwords?
> >
> >Plain-text passwords will not work with Domain security.
> >When a windows client drops a connection, and then tries to re-connect it,
> >the only password it can supply is the encrypted hash. If your Samba
> But if plaintext passwords are used, there is no such hash, and thus, no such
> hash can be re-submitted. (I am using security level 'user') However, all
> Windows98 copies that I have installed (be it on a laptop or in VMware), if I
> put those machines to standby, they loose their TCP/IP connections after some
> specific amount of time. (That is, if I turn them on right away again, they
> still work just before) If the connections are dropped, Windows just picks them
> up again with no problems. Probably with a delay, but in the network where I
> want to use both 98/2000, these machines are on all the time.

I think you might have mis-understood me. The Windows workstation drops
connections that are idle for some time. The Windows workstation does NOT
cache the plain-text password, it caches only the Microsoft LM and NT
password hashes. The workstation therefore CAN NOT provide the plain-text
password to permit a reconnection to succeed.

> >server does not support encrypted passwords the reconnect will not work.
> >At best you will get an error that requires logging out, followed by
> >loging on again. At worst you will get a blue sreeen of death.
> >
> >So, given that background, plain-text passwords kind of work, if you can
> >put up with the limitations described.
> So since this is possible: I have read some of the samba docs/* files provided
> with my samba-2.2.7a-72.rpm (SuSE), and have (since months) Win98 domain logons
> working fine. As I now tried to add a Windows 2000 host, I don't quite get over
> these domain registrations (host$) and stuff.
> So far I have added a user aero$ (machine name) as described in the docs, but
> Win2000 still refuses to join a domain (though it successfully joins a
> workgroup). (The registry entries are already modified to use plaintext pws.)
> Anything else I could try?

Windows 98 does not have the capability to particpate in Domain security
protocols. But has the same problem, it too does NOT cache the plain-text
password even when the plain-text registry settings have been re-enabled.

Please document the steps you are taking to join the Windows 2000 client
to the Domain. Also, please email me your smb.conf file so I can try to
assist in getting this working.

- John T.
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list