Recipe 23.8. Dealing with Windows Encrypted Password Confusion
23.8.1 Problem
You know that the default for
Samba is to use encrypted passwords, and you also know that some
Windows versions support only cleartext, not encrypted passwords.
Samba must use either encrypted passwords or cleartext; it cannot use
both. Which versions of Windows support what, and what is your best
choice?
23.8.2 Solution
These versions of Windows support only cleartext, not encrypted
passwords:
- Windows 95 pre-OSR2
- Windows NT 3.x
- Windows NT4 pre-SP3
Fortunately, there is a patch available for Windows 95. See Microsoft
Knowledge Base Article 165403; you want the
Vrdrupd.exe patch.
Up-to-date NT4 users are on SP6, so that leaves only Windows NT 3.x
users out in the cold. You can configure Samba to support cleartext
passwords, if you really want to. To do this, you must install
Registry hacks on all the non-NT3 Windows clients to enable them to
use cleartext passwords. Editing the Windows Registry is always
perilous, and this may break other applications that depend on
encrypted passwords. The best advice is, don't do
it. But if you really really want to—say, if all you have is a
LAN populated by NT3 workstations—edit
smb.conf to say encrypt passwords =
no. Then see the
/usr/share/doc/samba-doc/registry/ directory for
a complete collection of prefab Windows Registry hacks for your
non-NT3 hosts.
23.8.3 See Also
|
