Hi, I have a network with a mix of Win95 and 98 machines (thus some use encrypted passwords by default and some don't. I already have all the users in a Unix password file therefore I'd like to use non encrypted passwords if I can and fall back on encrypted passwords if I don't have a choice (patched Win95 and Win98) because that requires people with encrypted password machines to populate the smbpassword file. The ideal setup would be to have non encrypted passwords with the update encrypted = yes for the older machines, and encrypted passwords for the newer ones. I've searched the mailing list archives and found the message that suggests to use "include = smb.conf.%M" This however, means that I have to keep track of all the machines, and create the smb.conf.machine files. Is there a better way? Can I use %R to find which machines require encrypted passwords? Or is there any other way to have Samba support both at the same time without having to give it a list of clients and protocol to use? Thanks, Marc -- Home page: http://magic.metawire.com/~merlin/ (browser friendly) Finger merlin@magic.metawire.com for PGP key and other contact information
Langsteiner Martin ZFF IE-F
1998-Aug-03 07:38 UTC
Supporting both non encrypted and encrypted passwords
Marc Merlin wrote: >... is there any other way to have Samba support both at the same > time without having to give it a list of clients and protocol to use? Hi Marc, not the solution, only a hint: We have a mixed environment of NT4 and WFWG machines. The latter will use plain text passwords, the others will encrypt them. I setup the smbpasswd file as described in ENCRYPTION.txt (in the Samba documentation), and, as we are _only_ 12 users wanting to access the shares, gave everyone a simple initial samba password. Then I asked the NT4 users to login to the samba server (Linux 2.x, Samba 1.9.18p8) as Unix users and change their samba password with the smbpasswd command. After this, everyone got access to the samba shares, be he NT4 or WFWG user. I don't know how and why - but it works... As I understood ENCRYPTION.txt, Unix is not able to check LANMAN or NT4 encrypted passwords directly against the (original) Unix password file, because both are one-way hashed, but with different methods. So I conclude that Samba needs its extra smbpasswd file to verify NT4 logons at all. Good luck, Martin
Langsteiner Martin ZFF IE-F
1998-Aug-04 08:28 UTC
Supporting both non encrypted and encrypted passwords
> On Mon, Aug 03, 1998 at 18:47, Marc Merlin wrote: >> Mmmh. So you are saying that WfWg users are authentificated against > /etc/passwd and NT4+SP3 users authentificated against smbpasswd? Looks like that! > How did you setup /etc/smb.conf to accomplish this? [global] domain master = no local master = yes preferred master = no os level = 89 guest account = nobody workgroup = BATCAVE server string = Linux Samba Server auto services = guest password level = 8 case sensitive = no log level = 2 log file = /usr/local/samba/var/log max log size = 1000 config file = /usr/local/samba/lib/smb.conf lock directory = /usr/local/samba/var/ status = yes character set = iso8859-1 valid chars = ?:? ?:? ?:? ? keepalive = 60 encrypt passwords = yes [homes] comment = Home Verzeichnis browseable = no read only = no create mask = 7664 [guest] comment = Gastanwender path = /home/samba read only = no guest ok = yes [bats] comment = Alles_moegliche path = /home/allg valid users = @wombat read only = no>I use 'security=share' - which is the default. Thank you for your mail! It made me look up some more things, and so I found out that the [homes] shares may be connected to by everybody who knows one valid username. This is not what you want, I suppose. The [bats] share is protected by 'valid users = @groupname'. To connect to it, I must supply a valid username out of this (Unix) group and its valid password. > I am just hoping that you'd be able to get samba to automatically test ...<snip> Now, as I know more, I'm afraid, I'm not... Regards, Martin