samba - Jul 1998 - [SUMMARY] Re: New installation (samba passwords)

I had just sent this whine out when I discovered the ENCRYPTION.txt file
in the docs directory.  Thanks to Bill Knox (no relation that I know of)
for confirming what I had begun to suspect when I finally RTFM.

My samba installation is now working like a champ.

I'm now wondering about an enhancement to smbpasswd that will allow
UNIX-like password expiration and forced changes.  And of course, now we
need samba-crack....  Meanwhile, it's looking great!  This is going to
save us a lot of hassles!


Chris


According to cknox:
> 
> >From the docs file WinNT.txt
> 
>    Passwords:
>    =========>    One of the most annoying problems with WinNT is that NT
refuses to
>    connect to a server that is in user level security mode and that
>    doesn't support password encryption unless it first prompts the user
>    for a password.
>     
>    This means even if you have the same password on the NT box and the
>    Samba server you will get prompted for a password. Entering the
>    correct password will get you connected only if Windows NT can
>    communicate with Samba using a compatible mode of password security.
>      
> The document goes on to say that you can do some surgery on your NT
> system with regedt32 to allow unencrypte passwords.  I presume this is
> the situation I'm up against right now, as when I try to map my samba
> server to my NT workstation, get a dialog box marked "Enter Network
> Password" that looks something like this: 
> 
> 	Incorrect password or unknown username for 
> 	   \\SMBSERVER                                    OK
>                                                         Cancel
> 	Connect As: ____________________________         Help
> 	Password:   ____________________________
> 
> If I have to go around to every NT box in the company and hack the
> registry, I'm not going to be able to use Samba.  Am I missing
something?
> Certainly wouldn't be the first time.
> 
> How do I use Samba without compromising security on my server AND
> without modifying the client?
> 
> 
> -- 
> Chris Knox                                               cknox@hypercom.com
> Hypercom, Inc.                                               (602) 504-5888
> Unix Systems Support                              Speaking only for myself.
> 

-- 
Chris Knox                                               cknox@hypercom.com
Hypercom, Inc.                                               (602) 504-5888
Unix Systems Support                              Speaking only for myself.