[Samba] Windows 95, encrypted passwords, and secure channel communications

Jonathan Johnson jon at sutinen.com
Thu Jun 24 14:45:16 GMT 2004

First of all, let me say "I know it's been fixed in Samba 3." That's
for those of you who think I'm talking about the requiresignorseal
registry hack in Windows XP. I'm not.

I ran into an issue when using Windows 95 clients with a Windows 2003
server. (Why not Samba? The customer needs terminal services for some
windows-only programs.) Because Windows 2003, by policy, implements
tighter security including encrypted passwords and communications,
Windows 95 will NOT communicate with a Windows 2003 server. (If I'm
wrong about the encrypted passwords, someone please correct me.)

David Lechnyr's Unofficial Samba HOW-TO states in part, "Windows 95
doesn't use encrypted passwords, so this option must be disabled in
your smb.conf to support these clients... Verify that your smb.conf
file includes the parameter "encrypt passwords = yes" unless you are
using Win95/Win95a or have disabled encrypted passwords in your other
Windows clients (not a good idea)."

It turns out that Microsoft provided a patch for Windows 95, 98, and
NT4 called "Active Directory Client Extension" which provides "NTLM
version 2 authentication". At least under Windows 2003 it seems to
work, allowing my Win95 clients access to the 2003 server.

  I'm wondering if this patch will work on Windows 95 against a Samba
  server, allowing one to leave "encrypted passwords = yes" set. I
  don't have an available testbed to try it on right now.

More info:

Note: the ADCE for 9x is on the Windows 2000 CD, but not the Windows
2003 CD, and is not downloadable from Microsoft.

--Jon Johnson
Sutinen Consulting, Inc.
jon at sutinen.com

More information about the samba mailing list