On Tue, Jul 01, 2003 at 04:54:33AM +0200, P. U. Kruppa wrote: > On Mon, 30 Jun 2003, Bob Hall wrote: > > > samba-2.2.8a > > FreeBSD 4.8 > > > > I'm trying to get samba running on my FBSD server. I've done this > > previously with another server, but I can't seem to get it to > > work this time. If I turn off password encryption, then I pass > > all the tests in the DIAGNOSIS file, but Win2k obviously won't > > allow the connection without encrypted passwords. If I turn > > encryption on, I pass any test that doesn't involve a password. > Did you change the registry entry on you win2k machine > (i.e. did you apply > /usr/local/share/doc/samba/Registry/Win2000_PlainPassword.reg)?
Thanks for responding, but I need a more secure solution. The point of setting up a samba password file is to avoid sending passwords in plain text. I was able to pass encrypted passwords in the earlier version of Samba. There should be a way of doing it with this version.
What I'm hoping is that the ENCRYPTION file that was dropped from this port (or this version, whichever) was replaced with another file that documents how encrypted passwords are currently handled. Since the sh script mentioned in the ENCRYPTION file has been replaced with the undocumented make_smbpasswd file, I'm hoping that there actually is some documentation that explains it all, as the ENCRYPTION file once did. The documentation included with the port doesn't do the trick, and the tests in the DIAGNOSIS file seem to indicate that I've got everything except the encrypted passwords set up correctly. Google hasn't led to anything, nor has searching the archives.
Alternately, if someone who has set up encrypted passwords successfully using the old instructions would let me know, that would help also. Knowing that I'm an idiot would give me a more accurate basis for proceeding.
I don't know how helpful this will be, because I didn't follow through on it, but among the docfiles is one that talks about modifying /etc/pam.conf so that for certain categories of login pam uses the smbpasswd program to authenticate. It seems NT/Win2K/etc. use a cryptographic protocol that's inconsistent with the rest of the world (setting the industry standard ;-) ). Ah, take a look at /usr/local/share/doc/samba/htmldocs/PAM-Authentication-And-Samba.html. I found it hard to understand and the pam man page even worse.
I played with it once because I was getting so many pam authencication errors, but I got scared and in the next upgrade I just overwrote my edited pam.conf with the vanilla distribution one and dropped back to plain-text passwords. I'm still using Win98, too.
Hope this helps.
-- Roger
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
