[Samba] Hashes in smbpasswd

Andrew Bartlett abartlet at samba.org
Thu Sep 2 03:03:47 GMT 2004

On Tue, 2004-08-24 at 07:49, Andrew Bartlett wrote:
> On Tue, 2004-08-24 at 00:12, William Jojo wrote:
> > AIX 5.2
> > Samba 3.0.6
> > 
> > 
> > the smbpasswd file is showing only the nt (second) hash after a machine
> > join. the lm hash (first) is all X's.
> > 
> > is this expected?

It appears that machines set their passwords to strings > 14 characters,
so the new (correct) code for dealing with that doesn't store a LM hash.

> > I also noticed in LDAP that this was the case on password changes for
> > users.
> > 
> > has the LM hash been dropped?
> Yes.  For machines, it doesn't get set for a number of reasons, and for
> machines, it is also never read.  As we moved to allow the same for
> users (where they have 'long' passwords, > 14 chars), I cleaned up the
> machine password change code at the same time.

Actually, it looks like I forgot to commit that patch.  The behaviour
until now has been to, when the machine changes it's password (by
default) 7 days later to store the NT password in both fields.  

The new behaviour will be to keep the LM field XXX'ed out.

Andrew Bartlett

Andrew Bartlett                                 abartlet at samba.org
Authentication Developer, Samba Team            http://samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040902/5952dbcb/attachment.bin

More information about the samba mailing list