I have an old Samba network that uses unencrypted passwords. At the time, the posts were running win95. These days they are running win98 for the most part, but introducing new machines onto the network means fiddling with the EnablePlainTextPassword registry key. So currently, all the machines use plain-text passwords. I want to modify them all to use encrypted passwords. Naturally, I want to do this as easily (i.e., over a period of time) as possible. I thought the [update encrypted] setting would help me, but obviously I have misunderstood its purpose. I have it set to 'yes', and [encrypt passwords] is set to 'no'. So I thought that once this was done, I would be able to edit my registry key and set my PC to send an encrypted password. However, when I did this, Samba refused to authenticate me, until I re-edited the registry key to send plain-text. Can someone kindly clue me in as to how this is supposed to work? thanks, D.
Never having tried this, I have always thought that using an include directive, based on the archiecture (%a) or the ip (%I) of the machine logging in would be a way around this. Joel On Tue, Dec 11, 2001 at 11:32:40AM +0100, Sentient Organism wrote:> I have an old Samba network that uses unencrypted passwords. At the time, > the posts were running win95. These days they are running win98 for the > most part, but introducing new machines onto the network means fiddling > with the EnablePlainTextPassword registry key. > > So currently, all the machines use plain-text passwords. I want to modify > them all to use encrypted passwords. Naturally, I want to do this as > easily (i.e., over a period of time) as possible. > > I thought the [update encrypted] setting would help me, but obviously I > have misunderstood its purpose. I have it set to 'yes', and [encrypt > passwords] is set to 'no'. > > So I thought that once this was done, I would be able to edit my registry > key and set my PC to send an encrypted password. However, when I did > this, Samba refused to authenticate me, until I re-edited the registry > key to send plain-text. > > Can someone kindly clue me in as to how this is supposed to work? > > thanks, > D. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba
Sentient Organism wrote:> > I have an old Samba network that uses unencrypted passwords. At the time, > the posts were running win95. These days they are running win98 for the > most part, but introducing new machines onto the network means fiddling > with the EnablePlainTextPassword registry key. > > So currently, all the machines use plain-text passwords. I want to modify > them all to use encrypted passwords. Naturally, I want to do this as > easily (i.e., over a period of time) as possible. > > I thought the [update encrypted] setting would help me, but obviously I > have misunderstood its purpose. I have it set to 'yes', and [encrypt > passwords] is set to 'no'. > > So I thought that once this was done, I would be able to edit my registry > key and set my PC to send an encrypted password. However, when I did > this, Samba refused to authenticate me, until I re-edited the registry > key to send plain-text. > > Can someone kindly clue me in as to how this is supposed to work? > > thanks, > D. >As long as you have the encrypt passwords set to no the clients will only authenticate with plain-text passwords. The purpose of the update encrypted is to allow you to build your smbpasswd file slowly and then change the Samba serve to use encrypted passwords once every user has an entry in smbpasswd. You do not need to modify the client machines. When you set the registry key to "allow" plaintext it sends plaintext to servers that negotiate that (samba with the encrypt passwords = no) and encrypted passwords to other servers (including samba with encrypt passwords = yes). Check your smbpasswd file and see if you have entries for everyone then just set encrypt passwords = yes and you are now using only encrypted passwords. For each new user you will have to add them to the smbpasswd file. -- =====================================================================Herb Lewis Silicon Graphics Networking Engineer 1600 Amphitheatre Pkwy MS-510 Strategic Software Organization Mountain View, CA 94043-1351 herb@sgi.com Tel: 650-933-2177 http://www.sgi.com Fax: 650-932-2177 ======================================================================