Date: Thu, 22 Mar 2001 02:42:08 -0800
From: "Ted Mittelstaedt" <tedm@toybox.placo.com>
To: "Forrest" <praxis@techpraxis.com>, "FreeBSD Questions" <freebsd-questions@FreeBSD.ORG>
Subject: RE: Samba encrypted passwords and question to Ted Mittelstaedt...
Message-ID: <006001c0b2bc$beabcda0$1401a8c0@tedm.placo.com>
In-Reply-To: <B6DEDDF7.2A0E%praxis@techpraxis.com>

That bit is in there because the older Samba versions 1.9 are very bad for Windows 2K systems (according to the Samba site) and can affect data integrity, and I wanted to strongly encourage (threaten?) anyone who was thinking of running Samba to compile and install the current version no matter what FreeBSD version they were running.

The older package that I did test with didn't have encryption turned on. Of course that was a bit of hand-waving because you could have used a password server (like an NT system) without going to the trouble of setting up encryption on the Samba server. Of course I don't like that because if you do it you are just giving the enemy one more reason not to run your stuff. :-) So, I feel if you're going to run encryption on your network, you set it up on the Samba server too.

With the 2.0X version of Samba, they took out all the options for encryption, it's now compiled in by default. So, yours supports encryption.

Before going further, as I mentioned in the book you want to go into /usr/ports/net/samba/work/samba-2.0.7/docs/textdocs and read ENCRYPTION.txt.

All the convert_smbpasswd script does (not binary) is to change a 1.9.18 smbpasswd file format into a Samba 2.0 smbpasswd file format. Did you have the older samba version running?

In a nutshell, the way Samba handles the nonencrypted passwords is the server takes the unencrypted password and crypts it and matches the result with the UNIX system password file. With encrypted passwords, it cannot do this because the password is already crypted when samba gets them. Since the UNIX and Microsoft crypting functions are different, the samba system has to maintain 2 duplicate password files, one with passwords crypted the Microsoft way, the other with them crypted the UNIX way. So, it has to get the cleartext password initially from the system admin when the user is first set up, so it can create both different password files.
Thus, you have to use the smbpasswd program instead of the regular passwd program.

Ted Mittelstaedt
tedm@toybox.placo.com
Author of: The FreeBSD Corporate Networker's Guide
Book website: http://www.freebsd-corp-net-guide.com

>-----Original Message-----
>From: owner-freebsd-questions@FreeBSD.ORG
>[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Forrest
>Sent: Wednesday, March 21, 2001 10:39 PM
>To: FreeBSD Questions
>Subject: Samba encrypted passwords and question to Ted Mittelstaedt...
>
>
>Hi, everybody. Probably some of you have got Ted Mittelstaedt's excellent
>book, The FreeBSD Corporate Networker's Guide. I was wondering if Ted and
>others could resolve this question, as I am working tonight on getting
>encrypted passwords to work on my FreeBSD 4.3 system.
>
>On page 246 of his book, 1/2 way down, this quote:
>"For various reasons the precompiled Samba software distributed with FreeBSD
>has encryption disabled by default. To support encryption, the Samba server
>must be recompiled, which is one reason I recommend downloading the latest
>version of Samba and compiling it."
>
>My system is FreeBSD, 4.3-BETA, cvsup-ed two weeks ago. The samba version
>is 2.0.7, obtained from the latest sources on the ftp.freebsd.org server.
>Ted, is your statement true under these circumstances? Mailing Group: what
>procedure did you follow to get encrypted passwords working on your FreeBSD
>recent systems? Do I have to use the /usr/local/bin/convert_smbpasswd
>binary?
>
>Cheers,
>Forrest
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
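
Added example, not part of the original e-mail and not Samba code: a toy model of the two logon paths described in the reply above, showing why a server that holds only a UNIX-style hash cannot check an encrypted (challenge/response) logon until a second, Microsoft-style entry has been created from the cleartext. The hash functions are stand-ins chosen only to be mutually incompatible, and `ToyServer`, `set_password` and the sample user and password are hypothetical names constructed for illustration.

```python
import hashlib
import hmac
import os

# Stand-in hashes (assumptions): NOT the real UNIX crypt() or Microsoft hash,
# only two one-way functions that are incompatible with each other.
def unix_style_hash(cleartext, salt):
    return hashlib.pbkdf2_hmac("sha256", cleartext.encode(), salt, 1000)

def ms_style_hash(cleartext):
    return hashlib.sha256(cleartext.encode("utf-16-le")).digest()

def client_response(cleartext, challenge):
    """Client side of an encrypted logon: the password itself is never sent."""
    return hmac.new(ms_style_hash(cleartext), challenge, hashlib.sha256).digest()

class ToyServer:
    def __init__(self):
        self.unix_file = {}  # user -> (salt, UNIX-style hash)
        self.smb_file = {}   # user -> Microsoft-style hash (the second file)

    def set_password(self, user, cleartext, smb_entry):
        """Enrollment: the only moment the server holds the cleartext."""
        salt = os.urandom(8)
        self.unix_file[user] = (salt, unix_style_hash(cleartext, salt))
        if smb_entry:
            self.smb_file[user] = ms_style_hash(cleartext)

    def check_plaintext(self, user, cleartext):
        """Non-encrypted logon: hash what arrived, compare with the UNIX file."""
        entry = self.unix_file.get(user)
        return bool(entry) and hmac.compare_digest(
            entry[1], unix_style_hash(cleartext, entry[0]))

    def check_encrypted(self, user, challenge, response):
        """Encrypted logon: needs the Microsoft-style entry; the UNIX hash is no help."""
        key = self.smb_file.get(user)
        if key is None:
            return False
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def demo(pw="constructed-pw"):
    srv, challenge = ToyServer(), os.urandom(8)
    srv.set_password("alice", pw, smb_entry=False)  # UNIX file only
    resp = client_response(pw, challenge)
    before = srv.check_encrypted("alice", challenge, resp)
    srv.set_password("alice", pw, smb_entry=True)   # cleartext supplied again
    return srv.check_plaintext("alice", pw), before, srv.check_encrypted("alice", challenge, resp)
```

`demo()` returns the plaintext check, the encrypted check before the second entry exists, and the encrypted check after it has been created.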