SuSE GmbH

SuSE Support Database

Title: Samba and NT4.0 and NT4.0 incl. servicepack 3

----------

Mainpage o Searchform o History o Versions o Categories o Contents
Deutsch

----------

Samba and NT4.0 and NT4.0 incl. servicepack 3

Symptom:

From version NT4.0 NT works with encrypted passwords. While NT4.0 still works with plaintext passwords (as fallback) NT4.0 incl. servicepack refuses to work (you may recognize this behaviour by repeating entering the login and the password a couple of times. Then you will be able to mount a share). (more on this topic in /usr/doc/packages/samba/ENCRYPTION.txt).

Solution:

Well, either you may convince NT via its Windows registry to use plaintext passwords (see http://www.suse.de/Support/sdb/samba_ntsp3.html), Or you might like this solution:
  1. There is a script in the samba source package called mksmbpasswd.sh. This is for creating a "special" password file out of the existing one.

    mksmbpasswd.sh:

    #!/bin/sh
    awk 'BEGIN {FS=":"
    	printf("#\n# SMB password file.\n#\n")
    	}
    { printf( "%s:%s:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:%s:%s:%s\n", $1, $3, $5, $6, $7) }
    '
    
    Example:
    1. cat /etc/passwd | mksmbpasswd.sh > /etc/smbpasswd, or
    2. ypcat passwd | mksmbpasswd.sh > /etc/smbpasswd on a NIS server, or client, respectively.
    Thereafter you have to set the permissions of this file: chmod 600 /etc/smbpasswd.
    Furthermore be aware that /etc/smbpasswd has been set by default by S.u.S.E.
  2. Well, after a /etc/smbpasswd has been generated a password a user has to be created. This is done by smbpasswd. If any user may do this the SETUID bit has to be set (chmod u+s /usr/bin/smbpasswd). Otherwise only root will be able to change passwords.
  3. Now you have to extend /etc/smb.conf (in global section):
    	encrypt passwords = yes
    
If there is more than one samba machine attached it is not necessary to do so on every machine. Samba is able to get the passwords from another machine be it an NT server or some other host. To activate this switch you will have to enter the following lines in the global section:
	security = server
	password server = YOURSERVER
Make sure that 'YOURSERVER' is the NetBIOS name of the server (NetBIOS and DNS may differ). NetBIOS names are restricted to a maximum of 15 letters. Of course you may not enter the options given above on the server itself. This would create an endless loop.

Important:
Please use an actual samba version (at least ersion 1.9.18p2)!

----------

See also:

----------

Keywords: SAMBA, NT, PASSWORD, VERSCHLÜSSELT

----------

Categories: Samba

----------

Mainpage o Searchform o History o Versions o Categories o Contents
Deutsch

----------

SDB-samba_crypt, Copyright SuSE GmbH, Nuremberg, Germany - Version:
SuSE GmbH - Last generated: 07. Oct 1999 18:02:18 by maddin with sdb_gen 1.00.0