[Samba] Prevent smbpasswd lan manager field change

Jansen Robert rjansen at vub.ac.be
Tue Apr 20 07:01:37 MDT 2010

On Wed, April 14, 2010 10:45, Jansen Robert wrote:
> Added note:
> The lanmanager smbpasswd field change seems to happen also with some
> client machines that do NOT explicitly change their password. It rather seems
> that a client seems to enforce a zero LANMAN passwd if a client has a
> higher than LANMAN protocol available.
> "I have a higher protocol than LANMAN, so forget the LANMAN method
> and scratch the unsafer password hash".
> A wild guess,...
> But the question remains, how to prevent this from happening ?
> Running on a Solaris 9
> Ideas welcome.

Found a solution:

Users can still explicitly change their password by using
<username>@<sambaserver> on their client PC, but the Lanmanager password
hash field doesn't get "zeroed" out by a bunch of XXXXXXXXXXXXX....

Look here: http://www.troubleshooters.com/linux/win9x_samba.htm

Needed smb.conf entries:

lanman auth = Yes
client lanman auth = Yes
client plaintext auth = Yes

Default behaviour changed during/after Samba version 3.2.0.

If anyone knows how to block users explicitly changing their password via
the client PC, that would be a plus.

Any takers ?

my 2 cents


Brussels University
Pleinlaan 2
Computer Center VUB/ULB (VUBnet)
Ing. Robert Jansen
B-1050 Brussels
Belgium (Europe)

email: rjansen at vub.ac.be
Tel:  +32-2-650.36.94
Secr: +32-2-650.37.38
Fax:  +32-2-650.37.40
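
An audit sketch for the settings discussed in this message, added here as an example and not part of the original post: it reports which of the three smb.conf parameters are enabled in [global] and whether each smbpasswd account still carries an LM hash or the X-filled placeholder. The function names and the sample input are assumptions made for illustration.

```python
import re

# smb.conf parameters named in the post, keyed without spaces because
# Samba ignores case and whitespace inside parameter names.
WATCHED = {n.replace(" ", ""): n for n in
           ("lanman auth", "client lanman auth", "client plaintext auth")}
TRUE_VALUES = {"yes", "true", "on", "1"}

def enabled_legacy_auth(conf_text):
    """Return the watched [global] parameters that are switched on."""
    section, state = None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = "".join(key.lower().split())
        if key in WATCHED:                # last assignment wins
            state[WATCHED[key]] = value.strip().lower() in TRUE_VALUES
    return [name for name in WATCHED.values() if state.get(name)]

def lm_hash_state(smbpasswd_text):
    """Map account -> 'set', 'no password' or 'disabled' (X-filled field)."""
    result = {}
    for line in smbpasswd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 4:
            continue
        lm = fields[2]                    # name:uid:LM hash:NT hash:flags:LCT
        if re.fullmatch(r"[0-9A-Fa-f]{32}", lm):
            result[fields[0]] = "set"
        elif lm.startswith("NO PASSWORD"):
            result[fields[0]] = "no password"
        else:
            result[fields[0]] = "disabled"
    return result

# Constructed sample input: the hashes below are made-up hex strings.
SAMPLE_CONF = "[global]\n lanman auth = Yes\n Client Lanman Auth = yes\n" \
              " client plaintext auth = no\n[homes]\n read only = no\n"
SAMPLE_SMBPASSWD = (
    "alice:1001:" + "0123456789ABCDEF" * 2 + ":" + "FEDCBA9876543210" * 2 + ":[U          ]:LCT-00000000:\n"
    "bob:1002:" + "X" * 32 + ":" + "FEDCBA9876543210" * 2 + ":[U          ]:LCT-00000000:\n")

if __name__ == "__main__":
    print("enabled:", enabled_legacy_auth(SAMPLE_CONF))
    print("LM hash field:", lm_hash_state(SAMPLE_SMBPASSWD))
```

Accounts reported as "set" are the ones whose smbpasswd entry still holds an LM hash.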
