Hi! I'm new on the list, so please, be patient with me! I have a problem for wich I can't find the answer in the FAQ. Until recently I was running a 16 PC-s network with SCO OpenServer 5.0.4 and Samba 1.9.16p11 on the server and mixed clients (Win 3.11 to Win 95 OSR2). The users on the network have access to a PUBLIC directory on they own user directories on the server without restrictions. For the Public was no password required, for the user directory you must supply your user name and password on the SCO. In the similar way I has access to the httpd directory to manage the webserver's content directly. Three days ago I had a mad ideea to install Win 98 on my PC. Until this date I cannot map or access from WINDOWS my user directory and any other shared resurces on the SCO, because my password is rejected. Based on my previous experience with Microsoft products I try any uppercase/lowercase mixture on my password, I try to change my password, but nothing helps! So there I am... PS. If I try to access the server with TELNET, for example everithing working fine... Szekely Denes Sysop on Miercurea-Ciuc's network http://clmc.topnet.ro e-mail: dszekely@csoft.ro, denes@clmc.topnet.ro
Szekely Denes wrote:> > Three days ago I had a mad ideea to install Win 98 on my PC. Until this > date I cannot map or access from WINDOWS my user directory and any other > shared resurces on the SCO, because my password is rejected. Based on my > previous experience with Microsoft products I try any > uppercase/lowercase mixture on my password, I try to change my password, > but nothing helps! > So there I am... > PS. If I try to access the server with TELNET, for example everithing > working fine... > Szekely Denes > Sysop on Miercurea-Ciuc's network > http://clmc.topnet.ro > e-mail: dszekely@csoft.ro, denes@clmc.topnet.roPlease consider that Win98 uses encrypted passwords - Win95 used plain-text passwords. This point was discussed previous in this forum ... there is a patch to be made in the win98 registry that looks something like "encrypted passwords = 1" -> "encrypted passwords = 0" or something like that. Hope this helps.. Juergen Anzer -- snail: ANZER GmbH - Pieperstr. 14 - 32791 Lage - Germany email: rick_@t-online.de voice: (0049) 5232 / 9777-21 fax: (0049) 5232 / 78094
> From: Sarma Seetamraju <sarma@usa.net> > Subject: Re: SAMBA digest 1846 -- WIN 98 password problem > > Maybe you can allow for old+new methods of authentication in your newer > releases :- > // consider FIRST that the passwd passed is cleartext > // then use old method... of NOT using smbpasswd for authentication. > // I guess you would use that in the UNIX crypt system call & matchThis defeats the purpose of encrypted passwords. By god, when I stop collecting using the methods SAMBA already provides to us for migration to encrypted passwords, I will allow no unencryted connections. We're even getting rid of Telnet, in favor of SSH on all of our machines. Encryption is no longer a tool for the paranoid, it's a necessity... espcially considering how freqeuntly machines have been getting hacked all around me. Sure, your network might be secure... but how about every single network a packet crosses to get from any of your users' locations to the server? My honest suggestion would to be, as a quick fix, read the documentation on Encryption, as well as the Win95/NT notes, and set up the server for migration. Next, use the .reg files included with SAMBA for whichever platform you're talking about, and... TEMPORARILY... patch the client to use plaintext passwords. This impacts fewer users in the immediate sense, and allows the one problem machine to get back on the network. Go look in the DOCS directory under the SAMBA source tree... or, if you installed a RedHat Linux RPM, under /usr/doc/samba*. After a couple of weeks of collection using the 'update encrypted' flag, change 'encrypt passwords' to 'yes'. But don't just leave clients unencrypted... remember, someone sniffing the wire with linsniff or some other such tool, will get the user's logon password, and will most likely use that to compromise the rest of the server. Please, though, don't make any assumptions about passwords... even *allowing* a check against a plaintext password as a default makes the systems running such a service one step easier to crack. I've had enough serious crack attempts in the past two weeks (11 logged) to worry about without this. =) </Heavy Paranoia Mode Off> Regards, -mh. ---- . _+m"m+_"+_ Mark Hazen Systems Group Coordinator d' Jp qh qh The Franklin College of Arts & Sciences Jp O O O The University of Georgia (706)542-1546 Yb Yb dY dY O "Y5m2Y" " even the mightiest wave starts out as a ripple. "Y_ why make waves when it's easier to nurture ripples?
Thanks a lot for everyone! The workaround with registry is working well! I cannot move to general use of encrypted passwords, because of my very mixed environment!
you can connect to a samba resource with windows 98 but you have to modify the register file of windows 98 with the regedit program first, run the regedit.exe program and then add a new register in: HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\VxD\VNETSUP select VNETSUP an then in the edit menu, new, DWORD value add "EnablePlainTextPassword" with the value 1 good luck restart then windows and try ______________________________ PEDRO MORALES BERRIOS LABORATORIO DE COMPUTACION IGNACIO DOMEYKO UNIVERSIDAD DE LA SERENA
Mark Hazen wrote: | This defeats the purpose of encrypted passwords nad | Encryption is no longer a tool for the paranoid, it's a necessity... | espcially considering how freqeuntly machines have been getting hacked all | around me. Sure, your network might be secure... but how about every | single network a packet crosses to get from any of your users' locations | to the server? Alas, your password is well-protected (bravo, MS!), but your data isn't. As a former professional paranoid, I look at network file systems and say ``sorry, only within **my** network''. I don't recomend letting SMB leak out, and given that, I almost don't care about plaintext passwords inside the 'net. --dave [Anything inside the wall is ``restricted distribution: non- disclosure required''. The stuff that's corporate confidential is on a different box, not on that net.] -- David Collier-Brown, | Always do right. This will gratify some people 185 Ellerslie Ave., | and astonish the rest. -- Mark Twain Willowdale, Ontario | davecb@hobbes.ss.org, canada.sun.com N2M 1Y3. 416-223-8968 | http://java.science.yorku.ca/~davecb