help samba

[mark at buttery.org (Mark J. Dulcey)]

"Brian J. Conway" wrote:
> 
> I know this is a bit late, but rather than using plain-text passwords,
> wouldn't it be better to set up samba to use what little encryption is
> included in Win9x/NT?
> 
> -b
> 
> > I know when I set up new PC's on our network, I always forget to install plain-passwords on the win machines at first, but that always does the trick.

Setting up Samba to use encrypted passwords will indeed improve network
security, but it's a pain to administer. You have to maintain a separate
smbpasswd file (for the Windows connections), as well as the usual Unix
passwords. The reason is that the Windows encryption is not the same as
Unix encryption, and you can't get back from one to the other - only
from clear text to either one. Some administrators ease the burden by
installing a replacement program for passwd(1) that changes both Unix
and Samba passwords.

On the other hand, setting up the Windows machines to use non-encrypted
passwords is also a pain if you have a lot of them, because you have to
touch every 98/NT4/2000 system individually.

Depending on the goals and exposure of your network (for example, if
it's a small LAN with no internet connection, or behind a
well-configured firewall), using non-encrypted passwords may be
acceptable.

If you do plan to use encrypted passwords, make sure you have at least
Samba 2.0.6 - earlier versions don't work reliably - and if you have any
Win2K systems, 2.0.7 is necessary.
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).