[Samba] Samba v2.2.12 NTLM versions?

PhilH philswork at the-horders.co.uk
Fri Jul 4 08:54:02 GMT 2008


I am working on an old Unix system, UNIX SVR4 MP-RAS, running a Teradata database. 
Due to the age of the system (notably the C compiler, which won't handle v3 source code), I have built Samba 2.2.12 

I want to use this to share Unix directories out to XP clients as network drives, for read-write access, keeping the file ownership as strict unix users.

This all works fine, except for one thing; the passwords sent from XP don't get cleared by the password routines.  Currently I have hacked the code to allow any password, and mitigated this by restricting the share to specific users & specific IP addresses.  The file shares work perfectly apart from this, so I know the password matching bit is the only thing that's not working.

>From reading samba pages, there appears to be several different LAN manager type encryptions. 
1. The original Windows LAN Manager 
2. NT LAN Manager (NTLMv1) 
3. NTLMv2 

>From looking at the password code, I think Samba v2 supports options 1 & 2, but not NTLMv2.  Is this correct?  

What does XP send?  Is it NTLMv2? 

Where can I find a chunk of code that I can add into the smbd password library to get this to work for me? 

Or is there an easier way?  I'm an experienced programmer, but don't have much networking knowledge - should I be trying to use some sort of link to our Active Directory server (does winbind do this?)

Smb.conf listed here: 

  workgroup = EDW 
  netbios name = EDWDEV 
  lock directory = /usr/local/samba/var/locks 

  # Edit this file to assing mappings between Windows & Unix users. 
  username map = /usr/local/samba/lib/usermap.txt 

  #  XP uses encrypted passwords by default.  let's set this up. 
  security = user 
  encrypt passwords = yes 
  smb passwd file = /usr/local/samba/private/smbpasswd 
  preserve case = yes 

  Comment = Dev software directory 
  guest ok = no 
  read only = no 
  path = /home1/DEP 
  create mode = 0775 
  # restrict to listed users.  no-one else can connect. 
  valid users = laiptc2, laiptc3, laiptc5, laiptc6, laiptc7 

  # restrict to listed PCs. 
  hosts allow =,,,,, 

Phil Horder 
Teradata Developer 

More information about the samba mailing list