Samba - all messed up

Fri Sep 16 02:45:10 UTC 2005

On Thu, 15 Sep 2005, Rick Stevens wrote:

> Bob McClure Jr wrote:
> > On Wed, Sep 14, 2005 at 10:41:55PM -0600, brad.mugleston at comcast.net wrote:
> >
> > > On Wed, 14 Sep 2005, Mark Knecht wrote:
> > >
> > >
> > > > On 9/14/05, brad.mugleston at comcast.net <brad.mugleston at comcast.net>
> > > > wrote:
> > > >
> > > > > When things were simple (Windows 95) Samba setups were easy then
> > > > > Bill determined that he needed to make my life complicated.
> > > > >
> > > > > Now in my house I have some Windows 98 machines, some windows XP
> > > > > and even an old Win 95 laptop my daughter likes.
> > > > >
> > > > > I can print to my linus boxes and their printers but I can't seem
> > > > > to get everyone happy about sharing files from the Linux boxes
> > > > > where everything is saved.
> > > > >
> > > > > So how do I give access to Win95 through XP to my FC2 box using
> > > > > Samba?  I've got password encription on (I think, I've messed
> > > > > withit so much I'm not sure anymore)  I did that cause I couldn't
> > > > > see how to shut it off in the XP box.
> > > > >
> > > > > Does anyone have a quick how to set this up so everyone can play?
> > > > >
> > > > > BTW the NFS stuff is working great.
> > > > >
> > > > > Thanks,
> > > > >
> > > > > Brad Mugleston, KI0OT
> > > >
> > > > Brad,
> > > >   I'll only suggest that it's pretty difficult. Consider making the
> > > > Windows side of the house consistent in terms of Windows so that your
> > > > work in this area is significantly simplified.
> > > >
> > > > Good luck,
> > > > Mark
> > > >
> > >
> > > Mark,
> > >
> > > Thanks - I'd like to make the windows side consistent and load
> > > Linux on them all BUT thats not possible at this time.  The XP
> > > machines are relatively new but the older machines would not
> > > handle XP or don't want to risk loosing what they have on them.
> > >
> > > I'll try to move forward as best as possible.
> > >
> > > Brad
> >
> >
> > I think what Mark means is that older Winxx defaulted to plaintext
> > passwords, while later ones defaulted to encrypted.  You probably need
> > to set your Win9x boxes to encrypt passwords.
>
> Correct.  The following Windows versions used plaintext passwords:
>
> 	3.11 (Windows for Workgroups)
> 	95 (without SMB patch)
> 	WinNT V3.xx
> 	WinNT V4.x (before SP3)
>
> The following use encrypted passwords:
>
> 	95 (with SMB patch)
> 	98
> 	CE (PDAs and such)
> 	ME
> 	NT V4.x (with SP3 or later)
> 	XP
> 	2000
> 	2003
>
> Unfortunately, under "user level" security mode, Samba can only do one
> mode at a time, either encrypted or plaintext.  If you use domain- or
> server-level security (which would allow mixed plaintext and encrypted
> passwords),  you need a Windows PDC somewhere on your network to do the
> password validation.
>
> AFAIK, if you MUST keep a Windows version that uses plaintext, you'll
> have to make them ALL use plaintext.  This can be done by modifying the
> registry.  The Samba distribution includes files to do that.
>
> Go to the /usr/share/doc/samba-(version)/registry directory.  In there
> you'll find files named "*_PlainPassword.reg".  Find the one that's
> appropriate for your use (for XP, use the Win2000 file), copy it to a
> DOS formatted floppy, take the floppy to the offending machine and
> EXECUTE the .reg file.  This will turn off encrypted passwords on the
> machine.  You can then set "encrypt passwords = no" in
> /etc/samba/smb.conf and use plaintext.
>
> Note, however, that your network is now vulnerable to password sniffing
> using stupid tools like tcpdump.  Since this is your home LAN, that may
> not be much of an issue.  I would NOT recommend this to anyone whose
> network is exposed to the Internet in any way, shape or form.
>
> By the way, I HIGHLY recommend you get a copy of O'Reilly's "Using
> Samba", 2nd edition, by Ts, Eckstein and Collier-Brown.  This is all
> explained in chapter 9, starting on page 296.
>
> Stupid Windows Joke:  Have you ever noticed what Windows has become
> with CE, ME and NT?  Coincidence?
> ----------------------------------------------------------------------
> - Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
> - VitalStream, Inc.                       http://www.vitalstream.com -
> -                                                                    -
> -      The moving cursor writes, and having written, blinks on.      -
> ----------------------------------------------------------------------

Thanks Rick and everyone else.  I kind of thought that the
easiest way would be to have plain text passwords but had no idea
how to set them all back up.  I'll go back and fix everything
after a good nights sleep - been up too much this week.

Brad