samba - Mar 1999 - SAMBA digest 2009: NT Workstation "Default" Username and Password

Hi!
This is because NT and Samba don't understand each others encryption, plain
password must be used. The NT service pack 3 makes an change in the system,
so encrypted passwors are always tried first. To make it use plain
passwords at all, a registry edition is required. Hence you get it thorugh
on the second attempt, this is done on your NT. It seems not possible to
make NT and Samba talk the same language on encrypted passwords, maybe
someone out there have an solution?

Best regards, Sigmund.

At 11:55 07.03.99 +1100, you wrote:
>			    SAMBA Digest 2009
>
>Date: Sat, 6 Mar 1999 11:54:13 +1100
>From: Malcolm McLeary <mim@mac.net.au>
>To: "SAMBA Users" <samba@samba.org>
>Subject: NT Workstation "Default" Username and Password
>Message-ID: <199903060054.LAA24675@mail.dynamite.com.au>
>
>Guys,
>
>If I have a Windows NT Workstation and I want to access shares on the 
>Linux box running SAMBA, but maintain a single username and password, 
>isn't the basic procedure to create an "account" on the
workstation which
>is the same as one on the Linux box?
>
>Then after I login on the Workstation shouldn't I be able to simply 
>double click on the Linux box icon under "Network Neighborhood"
and
>Windows NT will attempt to get a list of the shares using the username 
>and password I used for the workstation (this is working for 95).
>
>Presently I get a dialog box saying "Incorrect password or unknown 
>username" ... if I enter the same username and password again it works.
>
>Any ideas what NT is doing to get it wrong for the first attempt?
>
>Cheers,  Malcolm

On Mon, Mar 08, 1999 at 09:48:00AM +1100, Sigmund Skjelnes
wrote:
> Hi!
> This is because NT and Samba don't understand each others encryption,
plain
> password must be used. The NT service pack 3 makes an change in the system,
> so encrypted passwors are always tried first. To make it use plain
> passwords at all, a registry edition is required. Hence you get it thorugh
> on the second attempt, this is done on your NT. It seems not possible to
> make NT and Samba talk the same language on encrypted passwords, maybe
> someone out there have an solution?
Hi

IMHO NT will never send your username/password cleartext to ANY server,
without prompting you (at least after sp3). This is an important security
feature - it was possible to for example create a web-page which links to an
smb-server (<a href="//server/share/file....">...), and nt would
send your
"secret" password to this server... NOT GOOD!

NT can easily use samba with encrypted passwords. Just ass "encrypted
passwords = yes" (or similar) to your smb.conf. Then add the users you need
to your smbpasswd (as root with smbpasswd -a <username>). This was it. You
can now disable only clear-text related registry entries on your nt-box.

                                      greetings, Florian Pflug

Hi! And thank you for this very useful tip! 

I did what you suggested, and it worked, I'm not prompted for password on
logon to the linux server any more. I were'nt aware that I'd had to
assign
an smb password, I thought it was Ok as I'd had the samme username on the
linux server  as I had on the NT box, with the security = user statement in
the smb.conf. 

Best regards, Sigmund.

At 22:56 08.03.99 +0100, you wrote:
>On Mon, Mar 08, 1999 at 09:48:00AM +1100, Sigmund Skjelnes wrote:
>> Hi!
>> This is because NT and Samba don't understand each others
encryption, plain
>> password must be used. The NT service pack 3 makes an change in the
system,
>> so encrypted passwors are always tried first. To make it use plain
>> passwords at all, a registry edition is required. Hence you get it
thorugh
>> on the second attempt, this is done on your NT. It seems not possible
to
>> make NT and Samba talk the same language on encrypted passwords, maybe
>> someone out there have an solution?
>Hi
>
>IMHO NT will never send your username/password cleartext to ANY server,
>without prompting you (at least after sp3). This is an important security
>feature - it was possible to for example create a web-page which links to an
>smb-server (<a href="//server/share/file....">...), and nt
would send your
>"secret" password to this server... NOT GOOD!
>
>NT can easily use samba with encrypted passwords. Just ass "encrypted
>passwords = yes" (or similar) to your smb.conf. Then add the users you
need
>to your smbpasswd (as root with smbpasswd -a <username>). This was it.
You
>can now disable only clear-text related registry entries on your nt-box.
>
>                                      greetings, Florian Pflug
>
>