samba - Jul 1998 - New installation

>From the docs file WinNT.txt
   Passwords:
   =========   One of the most annoying problems with WinNT is that NT refuses
to
   connect to a server that is in user level security mode and that
   doesn't support password encryption unless it first prompts the user
   for a password.
    
   This means even if you have the same password on the NT box and the
   Samba server you will get prompted for a password. Entering the
   correct password will get you connected only if Windows NT can
   communicate with Samba using a compatible mode of password security.
     
The document goes on to say that you can do some surgery on your NT
system with regedt32 to allow unencrypte passwords.  I presume this is
the situation I'm up against right now, as when I try to map my samba
server to my NT workstation, get a dialog box marked "Enter Network
Password" that looks something like this: 

	Incorrect password or unknown username for 
	   \\SMBSERVER                                    OK
                                                        Cancel
	Connect As: ____________________________         Help
	Password:   ____________________________

If I have to go around to every NT box in the company and hack the
registry, I'm not going to be able to use Samba.  Am I missing something?
Certainly wouldn't be the first time.

How do I use Samba without compromising security on my server AND
without modifying the client?


-- 
Chris Knox                                               cknox@hypercom.com
Hypercom, Inc.                                               (602) 504-5888
Unix Systems Support                              Speaking only for myself.

Of course samba can handle encrypted passwords.
The configuration is just a little harder.
from the sample smb.conf:

--> # You may wish to use password encryption. Please read
--> # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba
documentation.
--> # Do not enable this option unless you have read those documents
-->  encrypt passwords = yes
-->   security = user

This is nearly all. You will have to set up a file named "smbpasswd",
which is
basically your "/etc/passwd" plus the user password, encrypted in two
different
ways. The passwords have to be the same as in the /etc/passwd file.
Use the command "<SAMBA_DIR>/bin/smbpasswd" for that.
Have a look at the option
; passwd chat = "*New password*" %n\n "*Re*new password*"
%n\n
too, to change /etc/passwd and smbpasswd with one command.

You also could change your security level to "server" and ask your PDC
for
password validation. Then you don't need a "smbpasswd" file.
But as far as I know you still have to take care, to
use the same passwords on the PDC and the unix system (/etc/passwd or
shadow)
This means  you not only have to list the users, that use samba, in your
/etc/passwd,
but also have to take care to use the same passwords.

-->  # Security mode. Most people will want user level security. See
-->  # security_level.txt for details.
-->     security = server
-->  # Use password server option only with security = server
-->     password server = <NT-Server-Name>

Good luck

Juergen