-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 d.a.glynos wrote: | On Wed, 8 Jun 2005, Gerald (Jerry) Carter wrote: |>d.a.glynos wrote: |> |>| Is there a (safe) way to strip all LM hashes from |>| the password database and retain/use just the NTLM ones? |> |>You can set 'lanman auth = no' in smb.conf. | | I'm aware of this, IIRC it stops samba from | using the old LM hashes. But is there a way of | deleting the LM hashes completely from the database? | Is there a "safe" value to reset them to? I don't | want samba thinking these are disabled accounts :-)
You can set the lanman hash to a string of 32 X's. It's a little difficult to do this using tdbsam. If you don't have any custom per user information, you can pipe the output from pdbedit -L -w to an smbpasswd, edit the file and then use pdbedit to re-import them to a new tdbsam. cheers, jerry ===================================================================== Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCpv0BIR7qMdg1EfYRAuMPAJ91+hPh1C0KNxlGtayAE+CZFDxGlACfRAkU WBz3ux1RhxIyQ+Tbk0om5R0= =XtBX -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
