Date: Tue, 01 Jul 2003 13:05:30 +0700 From: Roger Merritt <mcrogerm@stjohn.ac.th> To: freebsd-questions@FreeBSD.ORG Cc: Bob Hall <rjhalljr@starpower.net> Subject: Re: Samba passwords Message-ID: <5.2.0.9.0.20030701125515.00a0cec0@127.0.0.1> In-Reply-To: <20030701043337.GA25092@kongemord.krig.net> References: <20030701044822.L645@small.pukruppa.de> <20030701002557.GB17249@kongemord.krig.net> <20030701044822.L645@small.pukruppa.de>
next in thread | previous in thread | raw e-mail | index | archive | help
At 11:33 AM 7/1/03, you wrote: >On Tue, Jul 01, 2003 at 04:54:33AM +0200, P. U. Kruppa wrote: > > On Mon, 30 Jun 2003, Bob Hall wrote: > > > > > samba-2.2.8a > > > FreeBSD 4.8 > > > > > > I'm trying to get samba running on my FBSD server. I've done this > > > previously with another server, but I can't seem to get it to > > > work this time. If I turn off password encryption, then I pass > > > all the tests in the DIAGNOSIS file, but Win2k obviously won't > > > allow the connection without encrypted passwords. If I turn > > > encryption on, I pass any test that doesn't involve a password. > > Did you change the registry entry on you win2k machine > > (i.e. did you apply > > /usr/local/share/doc/samba/Registry/Win2000_PlainPassword.reg)? > >Thanks for responding, but I need a more secure solution. The point >of setting up a samba password file is to avoid sending passwords in >plain text. I was able to pass encrypted passwords in the earlier >version of Samba. There should be a way of doing it with this version. > >What I'm hoping is that the ENCRYPTION file that was dropped from >this port (or this version, whichever) was replaced with another file >that documents how encrypted passwords are currently handled. Since >the sh script mentioned in the ENCRYPTION file has been replaced with >the undocumented make_smbpasswd file, I'm hoping that there actually is >some documentation that explains it all, as the ENCRYPTION file once did. >The documentation included with the port doesn't do the trick, and >the tests in the DIAGNOSIS file seem to indicate that I've got everything >except the encrypted passwords set up correctly. Google hasn't led to >anything, nor has searching the archives. > >Alternately, if someone who has set up encrypted passwords successfully >using the old instructions would let me know, that would help also. >Knowing that I'm an idiot would give me a more accurate basis for >proceeding. I don't know how helpful this will be, because I didn't follow through on it, but among the docfiles is one that talks about modifying /etc/pam.conf so that for certain categories of login pam uses the smbpasswd program to authenticate. It seems NT/Win2K/etc. use a cryptographic protocol that's inconsistent with the rest of the world (setting the industry standard ;-) ). Ah, take a look at /usr/local/share/doc/samba/htmldocs/PAM-Authentication-And-Samba.html. I found it hard to understand and the pam man page even worse. I played with it once because I was getting so many pam authencication errors, but I got scared and in the next upgrade I just overwrote my edited pam.conf with the vanilla distribution one and dropped back to plain-text passwords. I'm still using Win98, too. Hope this helps. -- Roger
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.2.0.9.0.20030701125515.00a0cec0>