Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Tyrone C. Miles on July 31, 2002, 07:29:20 PM

Title: Samba
Post by: Tyrone C. Miles on July 31, 2002, 07:29:20 PM
Does e-smith use encrypted passwords for Samba? I am still using Windows 95 in my network but I also use NT, 2000 and XP and really would rather have encryption if it is not enabled? This is really important because my company wants to use e-smith but if samba does not use encryption then they may not want to use it.
Title: Re: Samba
Post by: guestHH on July 31, 2002, 09:46:31 PM
Hi,

http://www.star-support.com/downloads/mitel/howto/sambadocs/Samba-PDC-HOWTO.html

Or browse around the other documents found there.

Regards,
guestHH
Title: Re: Samba
Post by: Tyrone C. Miles on August 01, 2002, 03:41:07 AM
Well I want my server to be a stand alone. I need to know if I am going to connect to the Samba server using a Win 9X (95) client does e-smith encrypt the passwords between the client and the win 9x machine. And also if I connect with NT or 2000 or XP does it encrypt those. I am not sure how e-smith is configured for that out of the box?
Title: Re: Samba
Post by: Darrell May on August 01, 2002, 04:11:46 AM
Look in /etc/smb.conf and you will see the default e-smith setting:

encrypt passwords = yes

Darrell
Title: Re: Samba
Post by: Tyrone C. Miles on August 01, 2002, 04:35:35 AM
Thank you guys for all your help. I have one last question to ask. Does anyone know if Win 95 sends its passwords encrypted to and from the e-smith samba? Or does it send encrypted to other OS's and drop that for Samba. That is the last thing I need to know. :)
Title: Re: Samba
Post by: Greg Zartman on August 01, 2002, 10:54:23 PM
It's my understanding that passwords are never really sent across the network when one attempts to authenticate. In short, the server sends out a challenge to the client when it requests a service (e.g., a share) based on a random number. The client then replies to this challenge and sends back a reply string generated from the user's password using a special algorithm. When the reply hits the server, the server runs the same algorithm using the user's stored password. If the reply matches the server's calculations, the user is authenticated.

I believe that MS updated this authentication process sometime after the release of Win95 and Win NT pre-SP3. This update causes a problem with Samba unless it is configured to use encrypted passwords.

Have a read of this:
http://us2.samba.org/samba/ftp/docs/textdocs/Win95.txt

Hope this helps.

Greg Zartman
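
The challenge-response exchange described in the post above, as an added example that is not part of the original thread. HMAC-SHA256 stands in for the actual LM/NTLM response algorithm, and the class, function and account names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Simplified model (assumption): HMAC-SHA256 replaces the real LM/NTLM
# response function; only the message flow matches the description above.
def stored_key(password: str) -> bytes:
    """Password-derived value the server stores instead of the plaintext."""
    return hashlib.sha256(password.encode("utf-8")).digest()

def client_response(password: str, challenge: bytes) -> bytes:
    """Client side: reply string generated from the password and the challenge."""
    return hmac.new(stored_key(password), challenge, hashlib.sha256).digest()

class Server:
    def __init__(self, accounts):
        # The server recomputes responses from these stored keys alone, so
        # this table needs the same protection as a plaintext password list.
        self.keys = {user: stored_key(pw) for user, pw in accounts.items()}
        self.pending = {}

    def start(self, user: str) -> bytes:
        challenge = secrets.token_bytes(8)  # fresh random number per attempt
        self.pending[user] = challenge
        return challenge

    def verify(self, user: str, response: bytes) -> bool:
        challenge = self.pending.pop(user, None)  # each challenge is single-use
        key = self.keys.get(user)
        if challenge is None or key is None:
            return False
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def demo():
    server = Server({"tyrone": "s3cret-pass"})  # constructed sample account
    first = server.start("tyrone")
    captured = client_response("s3cret-pass", first)  # what crosses the wire
    good = server.verify("tyrone", captured)
    wrong = server.verify("tyrone", client_response("guess", server.start("tyrone")))
    server.start("tyrone")  # new attempt, new challenge
    replayed = server.verify("tyrone", captured)  # old reply no longer matches
    return good, wrong, replayed

if __name__ == "__main__":
    print(demo())
```
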
Title: Re: Samba
Post by: Tyrone C. Miles on August 02, 2002, 05:23:16 AM
Sounds great! Thank you guys for all your help! :)
Title: Re: Samba a bit more to the story
Post by: Nathaniel Brown on August 28, 2002, 08:18:26 AM
I ran into this a while ago and the reason why the samba team decided to leave off encryption by default was that it provided NO SECURITY. If I remember correctly the encryption algorithm was bad. When the packets are transmitted you get two numbers and the hashed password and you can then spoof the server.

Basically if someone knows how to get in via the unencrypted they can also get in the encrypted way.