mathog@seqaxp.bio.caltech.edu
1998-Mar-18 21:02 UTC
NT sp 3, readme, section 3.6, response?
I'm not yet running Samba, but I did just install service pack 3 on an NT machine, and the readme file section 3.6 indicated that such machines will not talk to Samba servers unless the registry is modified. Will/has Samba been brought into line so that such machines will connect without registry modifications? Thanks, David Mathog mathog@seqaxp.bio.caltech.edu Manager, sequence analysis facility, biology division, Caltech
On Thu, 19 Mar 1998 08:08:34 +1100, you wrote:> >I'm not yet running Samba, but I did just install service pack 3 on >an NT machine, and the readme file section 3.6 indicated that such machines >will not talk to Samba servers unless the registry is modified. > >Will/has Samba been brought into line so that such machines will connect >without registry modifications? >Well...sort of :-) Samba has had the ability for quite a while to be able to handle encrypted passwords passed from Windows (and NT4 (as of SP3) refuses to talk to servers that don't handle encrypted passwords unless the registry patch you mention is applied), however the method of password encryption used by SMB (MS Networking) is incompatible with a normal Unix password file. Samba must therefore maintain it's own independant password file, containing the SMB passwords. This means that it is difficult to implement and maintain, sadly there isn't much we can do about that, although there are possible solutions (such as altering your passwd program to alter both the main password file and the seperate smbpasswd file). For these reasons password encryption is not enabled by default in Samba, information on enabling it (which has become a lot easier from the 1.9.18 release) can be found in Encryption.txt in the docs directory of the main Samba distribution. Hope this helps clarify things, Simon Hyde Simon Hyde ----------------------------------------------------------- With a PC, I always felt limited by the software available. On Unix, I am limited only by my knowledge.
You wrote: | Will/has Samba been brought into line so that such machines will connect | without registry modifications? That's perhaps a little harsh (:-)) Samba used to be distributed without crypt, due to US ITAR regulations, and so couldn't default to using encrypted passwords: you had to get the extra code and compile it. It always was in line with the strongest of the MS schemes, it just wasn't legal to have on US ftp sites. The latest version has a gutted crypt, and is legal, and so you have the option of using the MS scheme or changing the MS registry to use the unix scheme. IMHO, the MS scheme is useful only if you're on a network where people won't snoop your unencryped data as it passes over the wire, but would snoop passwords. In a previous life as a security person, I called that ``wearing steel eyeglasses to protect your eyes in battle''. Not only do you get killed by bullets to the heart, but you can't see when to duck (:-)) --dave (who admits a slight bias) c-b -- David Collier-Brown, | Always do right. This will gratify some people 185 Ellerslie Ave., | and astonish the rest. -- Mark Twain Willowdale, Ontario | davecb@hobbes.ss.org, canada.sun.com M2N 1Y3. 416-223-8968 | http://java.science.yorku.ca/~davecb