samba - Jan 2005 - Trouble migrating from plain text to encrypted passwords

Hi,
I'm looking for some help to migrate from plain text to encrypted passwords.
I'm using smbpasswd for authentication on a FreeBSD 4.9 server with samba 
2.2.8. 
When we set up our server, we had Win95 clients with plain text passwords. As 
we introduced Win98 clients, we just kept with the plain text passwords.
Now we are looking at XP clients and enctrypted passwords.
My understanding from everything I've found on this subject is that by
setting
update encrypted = Yes and encrypt password = no, I sould be able to migrate 
from unencrypted to encrypted passwords.
I've made those settings in swat, logged in on a plain password client &
then
set the client to use encrypted passwords and tried to log in again, but the 
password is refused.

Here's the Global section of my smb.conf:
# Samba config file created using SWAT
# from logger (192.168.0.7)
# Date: 2004/07/08 21:01:49

# Global parameters
[global]
	workgroup = 3D_RADIO
	netbios name = MSGSERVER
	server string = Message Server
	interfaces = 192.168.0.2/24
	update encrypted = Yes
	passwd program = /usr/bin/passwd %u
	passwd chat = *New* %n\r *Retype* %n\r *done*
	password level = 1
	unix password sync = Yes
	log file = /var/log/smblog.%m
	max log size = 50
	time server = Yes
	logon script = %U.bat
	logon home = \\%L\%U\.profiles
	domain logons = Yes
	os level = 33
	preferred master = Yes
	domain master = Yes
	dns proxy = No
	wins support = Yes
	guest account = onair
	create mask = 0764
	hosts allow = 192.168.0. 127.
	preserve case = No
	short preserve case = No

Should this work, or do I have to scrap the smbpasswd file & start again?
Hope someone can help me out!


Cheers,
-- 
Ian

GPG Key: http://homepages.picknowl.com.au/imoore/imoore.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20050108/16ce1288/attachment.bin

On Sun, 9 Jan 2005 19:06, Christoph Scheeder wrote:
> Ian Moore schrieb:
> > Hi,
> > I'm looking for some help to migrate from plain text to encrypted
> > passwords. I'm using smbpasswd for authentication on a FreeBSD 4.9
server
> > with samba 2.2.8.
> > When we set up our server, we had Win95 clients with plain text
> > passwords. As we introduced Win98 clients, we just kept with the plain
> > text passwords. Now we are looking at XP clients and enctrypted
> > passwords.
> > My understanding from everything I've found on this subject is
that by
> > setting update encrypted = Yes and encrypt password = no, I sould be
able
> > to migrate from unencrypted to encrypted passwords.
> > I've made those settings in swat, logged in on a plain password
client &
> > then set the client to use encrypted passwords and tried to log in
again,
> > but the password is refused.
>
> Hi,
>   this is exactly the expected behavior.
> As long as the line
>
> encrypt password=no
>
> is in your smb.conf you can't login using encrypted passwords.
> The two lines you mention are ment to be there for a period of a few
> weeks, untill all your users have logged in at least one time.
> Then you have to remove both lines and after that point no
> cleartext-passwords will be allowed anymore.
> You can't have it both at the same time in your network.
> Christoph
Thanks Christoph,
I was wondering how samba would figure out wether you were sending an 
encrypted password or not :-)
I'll give that a try.

Cheers,
-- 
Ian Moore

GPG Key: http://homepages.picknowl.com.au/imoore/imoore.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20050109/93f435c7/attachment.bin