[KLUG Members] Re: Samba -- the politics of encrypted passwords
Bryan J. Smith
members@kalamazoolinux.org
05 Dec 2002 08:32:08 -0500
--=-ZWAaz0bmR1kLCRE1tUZS
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
On Wed, 2002-12-04 at 21:11, Jon Smitley wrote:
> OK. I think I should probably fight my way through with the encrypted
> passwords.
Two things to remember about encrypted passwords:
1. They are 100% false security (verbatim "password hash")
2. They only affect how Windows clients make "assumptions"
If you run NT-based Windows (4.0, 5.0/5.1 aka 2000/XP), then #2 is what
matters. #2 is why you have to retype your password when connecting to
different servers with NT-based Windows when not using encrypted
passwords. If you enable encrypted passwords, NT-based Windows now
catches them, so you don't run into this.
Again, it's 100% false security, but it is required to make Windows
clients act differently out of 100% pure "assumption" BS. =20
> And thank you for your responses to this issue. But just to
> let you know a few of the things your saying are about 6 feet over my
> head. So if you don't mind I'll ask a few questions to you about what
> is/isn't happening. I sent a copy of smb.conf to Stu earlier because he
> helped (if not on his own) get Samba running at the last KLUG meeting,
> so if he contacts me I'll let you know.
>=20
> For your info I am using:
> RH 8.0
> Samba 2.2.7
> Webmin 1.030
> I don't have a good grasp on all the command line skills, so I use a
> GUI.
For Samba, "SWAT" (Samba Web Admin Tool) is the best, most featured.
> Basically, Win98 can see to the point that security sets in, whether it
> at the user level or the share level.
>=20
> At user level I get;
> //Madness/IPC$
> Password ______________
>=20
> At share level I get;
> //Madness/sharename
> Password ___________________
> And here I'm stuck.
Are you using "share" security? Or "user" security?
--=20
Bryan J. Smith, E.I. (BSECE) Contact Info: http://thebs.org
[ http://thebs.org/files/resume/BryanJonSmith_certifications.pdf ]
------------------------------------------------------------------
The more government chooses for you, the less freedom you have.
--=-ZWAaz0bmR1kLCRE1tUZS
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQA971VYDjEszaVrzmQRAuXAAJ4h7BL90JL/kB644J+dUD9zKO1XbQCcDUcU
nUW8nmuQ7L9CbHSW5A5NjhA=
=R4J+
-----END PGP SIGNATURE-----
--=-ZWAaz0bmR1kLCRE1tUZS--