[Samba] 3.4.0 Samba box w/ NT 4 PDC and Win 95 client
lists.samba.org at tgice.com
Sun Jun 6 19:46:21 MDT 2010
Thanks for the reply, Günter. I should've mentioned that I had run
across similar advice when trying to diagnose Samba problems with Win95
login past version 3.0.x, but the reason this doesn't apply to me is
that I don't have the users defined in native Unix at all -- they're all
only defined on the NT 4 PDC (I have "security = domain"), so I don't
think the pdbedit -Lw / smbpasswd advice applies to me (I run pdbedit
anyway, and confirmed th was only an entry for "nobody").
So I don't think this has anything to do with how Samba is storing a
password, it must have to do with how it's sending the authentication
attempt through to the NT server which is different from how it used to
in 3.0.x. My goal is to determine whether there's a straightforward way
(hopefully through smb.conf) that I can regain this old behavior for the
sake of a couple of Win95 clients.
Thanks for taking the time to reply.
On 2010-06-05 22:51, Günter Kukkukk wrote:
> Am Sonntag 06 Juni 2010 03:10:04 schrieb John Lawler:
> Hi John,
> make sure that
> lanman auth = yes
> is still set in your smb.conf.
> As root run 'pdbedit -Lw' to list all configured samba users in the old ASCII smbpasswd format.
> All users listed with _both_ the LANMAN and the NT hash have valid stored password hashes for the
> old legacy case and the newer ones- like:
> linux:1003:BBBBD20B0D2670EBAAD3B435B4140475:B123AB4ECC88F8BBB126FF3A08D9C600:[U ]:LCT-4B1ED764:
> Those listed users should be able to logon.
> In case you get user entries like
> linux:1003:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:B123664EC733B395A7260A3A08D9C699:[U ]:LCT-4B1ED796:
> the old LANMAN hash is no longer available and a legacy logon will fail.
> What you can do:
> 1.) make sure, that "lanman auth = yes" is still set in your smb.conf
> 2.) for all your win95 client users listed as "....XXXXXXXXXXXXXXXXX...." above, you need to run (as root)
> smbpasswd username
> (or even smbpasswd -a username )
> You need to enter the users password twice as usual
> This procedure will re-install the LANMAN hash again (and also the NT hash!)
> 3.) check again with 'pdbedit -Lw' that the LANMAN hash is available now your for your win95 users
> Please note, that setting "lanman auth = yes" implies a security problem.
> Cheers, Günter
> BTW - never ever post above mentioned LANMAN and NT hashes to the public - they are like
> plaintext passwords (so my ones above are scrambled by intention)
More information about the samba