Samba passwords

Roger Merritt mcrogerm at stjohn.ac.th
Mon Jun 30 23:05:56 PDT 2003


At 11:33 AM 7/1/03, you wrote:
>On Tue, Jul 01, 2003 at 04:54:33AM +0200, P. U. Kruppa wrote:
> > On Mon, 30 Jun 2003, Bob Hall wrote:
> >
> > > samba-2.2.8a
> > > FreeBSD 4.8
> > >
> > > I'm trying to get samba running on my FBSD server. I've done this
> > > previously with another server, but I can't seem to get it to
> > > work this time. If I turn off password encryption, then I pass
> > > all the tests in the DIAGNOSIS file, but Win2k obviously won't
> > > allow the connection without encrypted passwords. If I turn
> > > encryption on, I pass any test that doesn't involve a password.
> > Did you change the registry entry on your win2k machine
> > (i.e. did you apply
> > /usr/local/share/doc/samba/Registry/Win2000_PlainPassword.reg)?
>
>Thanks for responding, but I need a more secure solution. The point
>of setting up a samba password file is to avoid sending passwords in
>plain text. I was able to pass encrypted passwords in the earlier
>version of Samba. There should be a way of doing it with this version.
>
>What I'm hoping is that the ENCRYPTION file that was dropped from
>this port (or this version, whichever) was replaced with another file
>that documents how encrypted passwords are currently handled. Since
>the sh script mentioned in the ENCRYPTION file has been replaced with
>the undocumented make_smbpasswd file, I'm hoping that there actually is
>some documentation that explains it all, as the ENCRYPTION file once did.
>The documentation included with the port doesn't do the trick, and
>the tests in the DIAGNOSIS file seem to indicate that I've got everything
>except the encrypted passwords set up correctly. Google hasn't led to
>anything, nor has searching the archives.
>
>Alternately, if someone who has set up encrypted passwords successfully
>using the old instructions would let me know, that would help also.
>Knowing that I'm an idiot would give me a more accurate basis for
>proceeding.

I don't know how helpful this will be, because I didn't follow through on 
it, but among the docfiles is one that talks about modifying /etc/pam.conf 
so that for certain categories of login pam uses the smbpasswd program to 
authenticate. It seems NT/Win2K/etc. use a cryptographic protocol that's 
inconsistent with the rest of the world (setting the industry standard ;-) 
). Ah, take a look at 
/usr/local/share/doc/samba/htmldocs/PAM-Authentication-And-Samba.html. I 
found it hard to understand and the pam man page even worse.

I played with it once because I was getting so many pam authentication 
errors, but I got scared and in the next upgrade I just overwrote my edited 
pam.conf with the vanilla distribution one and dropped back to plain-text 
passwords. I'm still using Win98, too.

Hope this helps.


-- 
Roger



More information about the freebsd-questions mailing list