[Samba] 3.4.0 Samba box w/ NT 4 PDC and Win 95 client

John Lawler lists.samba.org at tgice.com
Sun Jun 6 19:46:21 MDT 2010 

Thanks for the reply, Günter.  I should've mentioned that I had run 
across similar advice when trying to diagnose Samba problems with Win95 
login past version 3.0.x, but the reason this doesn't apply to me is 
that I don't have the users defined in native Unix at all -- they're all 
only defined on the NT 4 PDC (I have "security = domain"), so I don't 
think the pdbedit -Lw / smbpasswd advice applies to me (I run pdbedit 
anyway, and confirmed th was only an entry for "nobody").

So I don't think this has anything to do with how Samba is storing a 
password, it must have to do with how it's sending the authentication 
attempt through to the NT server which is different from how it used to 
in 3.0.x.  My goal is to determine whether there's a straightforward way 
(hopefully through smb.conf) that I can regain this old behavior for the 
sake of a couple of Win95 clients.

Thanks for taking the time to reply.

On 2010-06-05 22:51, Günter Kukkukk wrote:
> Am Sonntag 06 Juni 2010 03:10:04 schrieb John Lawler:
> Hi John,
>
> make sure that
>      lanman auth = yes
> is still set in your smb.conf.
>
> As root run 'pdbedit -Lw' to list all configured samba users in the old ASCII smbpasswd format.
>
> All users listed with _both_ the LANMAN and the NT hash have valid stored password hashes for the
> old legacy case and the newer ones- like:
> linux:1003:BBBBD20B0D2670EBAAD3B435B4140475:B123AB4ECC88F8BBB126FF3A08D9C600:[U          ]:LCT-4B1ED764:
> Those listed users should be able to logon.
>
> In case you get user entries like
> linux:1003:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:B123664EC733B395A7260A3A08D9C699:[U          ]:LCT-4B1ED796:
> the old LANMAN hash is no longer available and a legacy logon will fail.
>
> What you can do:
>
> 1.) make sure, that "lanman auth = yes" is still set in your smb.conf
> 2.) for all your win95 client users listed as "....XXXXXXXXXXXXXXXXX...." above, you need to run (as root)
>      smbpasswd username
>      (or even smbpasswd -a username )
>      You need to enter the users password twice as usual
>     This procedure will re-install the LANMAN hash again (and also the NT hash!)
> 3.) check again with 'pdbedit -Lw' that the LANMAN hash is available now your for your win95 users
>
> Please note, that setting "lanman auth = yes" implies a security problem.
>
> Cheers, Günter
>
> BTW - never ever post above mentioned LANMAN and NT hashes to the public - they are like
> plaintext passwords (so my ones above are scrambled by intention)

More information about the samba mailing list