[Samba] Prevent smbpasswd lan manager field change

Jansen Robert rjansen at vub.ac.be
Tue Apr 20 07:01:37 MDT 2010


On Wed, April 14, 2010 10:45, Jansen Robert wrote:
> Added note:
>
>
> The lanmanager smbpasswd filed change seems to happen also with some
> client machines do NOT explicitaly change their password. It rather seems
> that a client seems to enforce a zero LANMAN passwd if a client has a
> higher than LANMAN protocol available.
>
> "I have a higher protocol than LANMAN, so forget the LANMAN method
> and scratch the unsafer password hash".
>
> A wild guess,...
>
>
>
> But the question remains, how to prevent this from happening ?
>
>
> Running on a Solaris 9
>
>
> Ideas welcome.
>
>
> TIA
>


Found a solution:

Users can still explicitly change their password by using
<username>@<sambaserver> on their client PC, but the Lanmanager password
has field doesn't get "zeroed" out by a bunch of XXXXXXXXXXXXX....

Look here: http://www.troubleshooters.com/linux/win9x_samba.htm

Needed smb.conf entry's:

lanman auth = Yes
client lanman auth = Yes
client plaintext auth = Yes

Default behaviour changed during/after Samba version 3.2.0.

If anyone knows how to block users explicitly changing their password via
the client PC, would be a plus.

Any takers ?

my 2 cents

TIA

--------------------------
Brussels University
Pleinlaan 2
Computer Center VUB/ULB (VUBnet)
Ing. Robert Jansen
B-1050 Brussels
Belgium (Europe)


email: rjansen at vub.ac.be
Tel:  +32-2-650.36.94
Secr: +32-2-650.37.38
Fax:  +32-2-650.37.40
--------------------------



More information about the samba mailing list