[Samba] Prevent smbpasswd lan manager field change
rjansen at vub.ac.be
Tue Apr 20 07:01:37 MDT 2010
On Wed, April 14, 2010 10:45, Jansen Robert wrote:
> Added note:
> The lanmanager smbpasswd filed change seems to happen also with some
> client machines do NOT explicitaly change their password. It rather seems
> that a client seems to enforce a zero LANMAN passwd if a client has a
> higher than LANMAN protocol available.
> "I have a higher protocol than LANMAN, so forget the LANMAN method
> and scratch the unsafer password hash".
> A wild guess,...
> But the question remains, how to prevent this from happening ?
> Running on a Solaris 9
> Ideas welcome.
Found a solution:
Users can still explicitly change their password by using
<username>@<sambaserver> on their client PC, but the Lanmanager password
has field doesn't get "zeroed" out by a bunch of XXXXXXXXXXXXX....
Look here: http://www.troubleshooters.com/linux/win9x_samba.htm
Needed smb.conf entry's:
lanman auth = Yes
client lanman auth = Yes
client plaintext auth = Yes
Default behaviour changed during/after Samba version 3.2.0.
If anyone knows how to block users explicitly changing their password via
the client PC, would be a plus.
Any takers ?
my 2 cents
Computer Center VUB/ULB (VUBnet)
Ing. Robert Jansen
email: rjansen at vub.ac.be
More information about the samba