[Samba] encrypted passwords: what negotiation with what client?
Karel Kulhavy
clock at atrey.karlin.mff.cuni.cz
Wed Sep 1 12:43:57 GMT 2004
Hello
man smb.conf encrypt passwords says:
"This boolean controls whether encrypted passwords will be negotiated
with the client. Note that Windows NT 4.0 SP3 and above and also
Windows 98 will by default expect encrypted passwords unless a registry
entry is changed."
What does this mean? From my point of view it can mean 4 totally
different things:
1) That when I run smbd with encrypt passwords = no and NT4.0 client
with default installation, it won't work because NT4.0 client will send
encrypted password and Samba requires a plaintext password?
2) That when I run smbd with encrypt passwords = no and NT4.0 client
with default installation, it will work, because NT4.0 client will
albeit expect encrypted passwords, however will resort to unencrypted
passwords upon being told by the server they are the only available
option?
3) That when I run smbclient //windows_machine_with_nt40/share with
encrypt passwords = no, it won't work because NT4.0 server will expect
encrypted password and will be supplied with unencrypted one
4) That when I run smbclient //windows_machine_with_nt40/share with
encrypt passwords = no, it will work, because NT4.0 server will albeit
expect encrypted passwords, however will resort to accepting unencrypted
one after being told by smbclient unencrypted ones are the only
possible option?
Basically, the manpage doesn't say two things:
1) whether this relates to a win client -> samba server or samba client
-> win server case
2) What does the word "expect" mean.
What does encrypt passwords = no mean? From my point of view it can
mean 3 totally different things:
1) Encrypted passwords won't be negotiated at all (i.e., it will be
left up to the client whether encrypted or unencrypted passwords will be
used)
2) Unencrypted passwords will be negotiated with the client and if the
client refuses to use unencrypted passwords, then the connection will be
terminated
3) Unencrypted passwords will be negotiated with the client, however
if the client refuses to use unencrypted passwords, then encrypted ones
will be used?
Basically the man page says what happens when I say "yes", but doesn't
say anything about what happens when I say "no".
Cl<