This list is the best Sun sysadmin resource on the net! I had multiple
answers and variations thereof within an hour! Thanks to everyone, and
I hope that others find this information useful.
Problem:
How to use Samba with encrypted and unencrypted passwords simultaneously,
thereby allowing access to both Win95 (unencrypted) and Win98 (encrypted)
sessions.
Samba Server: Sun Sparc 5, Solaris 2.5.1 (patched)
Clients: Windoze 95 and 98 machines
Solution(s):
Here is my short summary. Following are instructions for disabling
encrypted passwords on a Windows 98 machine, and the Microsoft
KnowledgeBase document which is quite helpful (I do not have the
details for implementing their option #1...sorry).
Some others were amazed, as was I, that I did not receive any responses
about this issue on the Samba newsgroup.
Some suggested using smbpasswd to generate password file for current
users, and I had already done that; this was a good suggestion,
especially given the *very* unclear documentation in the Samba distribution
concerning this issue. One person claimed to having solved this problem
by creating such a Samba password file, but this did not work for me nor
for several others who responded.
Many felt that using both encrypted and unencrypted passwords together
was not possible. One solution would be to turn off encryption in
Samba and add a registry key to the Win98 boxes to turn off encrypted
passwords (see below). Another more secure option would be to apply
SP1 to Windows 95 machines, which will enable encrypted passwords for
these boxes, so they will be consistent with Win98 boxes; then you
turn encrypted passwords "on" in Samba.
There was one suggestion that the only way to truly solve this problem
is to upgrade to 2.0.3 (I thought I *had* the latest and greatest!),
according to Tim Carlson.
I will first upgrade to 2.0.3 (if I can find it), and if the problem
persists then I will apply the SP1 patches to Windows 95 boxes and
enable encrypted passwords.
Thanks to:
Mark Neill
Igor Schein
Jamie Lawrence
Charlie Mengler
Harvey Wamboldt
Roger Fujii
Dan Anderson
Michael J. Connolly
Tim Carlson
MARK ZANDER
Marco Greene
Bruce Bowler
Bill Shorter
Margaret Cobleigh
Jeff Kennedy
Daniel Prieto
Stephen Oxley
Kelvin White
Mike Ghicas
Yura Pismerov
=================================================
Disabling/Enabling Encrypted Passwords in Samba:
=================================================
In the smb.conf file add/modify the following line:
encrypt passwords = no/yes
=================================================
Disabling Encrypted Passwords on Win98 Machines:
=================================================
Edit the system registry in Windows with this following entry:
REGEDIT4
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP]
"EnablePlainTextPassword"=dword:00000001
The "For Dummies" version (which suits me just fine! :-) ):
>
>To enable unencrypted (plain text) passwords modify the registry in this way.
>
>WARNING: Using Registry Editor incorrectly can cause serious, system-wide
>problems that may require you to reinstall Windows NT to correct them.
>Microsoft cannot guarantee that any problems resulting from the use of
>Registry Editor can be solved. Use this tool at your own risk.
>
>1. Run Registry Editor (REGEDT32.EXE).
>
>2. From the HKEY_LOCAL_MACHINE subtree, go to the following key:
>
> \system\currentcontrolset\services\rdr\parameters
>
>3. From the Edit menu, select Add Value.
>
>4. Add the following:
>
> Value Name: EnablePlainTextPassword
>
> Data Type: REG_DWORD
>
> Data: 1
>
>5. Choose OK and quit Registry Editor.
>
>6. Shutdown and restart Windows NT.
>
==================================
Microsoft KnowledgeBase Document:
==================================
Unable to Connect to a Samba Server with Windows 98
The information in this article applies to:
Microsoft Windows 98
SYMPTOMS
When you attempt to connect to a Samba server or a LanManager server from
your Windows 98-based client computer, the following error message may be
displayed:
Incorrect Password.
This error message may occur even though you provide the correct user
account and password.
CAUSE
This behavior occurs because Windows 98 does not send plain text
passwords to Server Message Block (SMB) servers by default.
RESOLUTION
To resolve this issue, use either of the following methods:
Method 1
Configure the Samba server to support Challenge-Handshake
Authentication Protocol (CHAP) password encryption. Please refer to
your Samba documentation for information on how to configure a Samba SMB
server.
NOTE: This is the preferred method to resolve this issue because it is
more secure than sending unencrypted passwords over the network.
Method 2
You can enable Password Authentication Protocol (PAP) plain text
password use in Windows 98. To do so, use the following steps.
WARNING: If you enable plain text password use in Windows 98, all
passwords are sent on the network in an unencrypted format. These passwords
may be viewed by anyone using a network monitoring program. If security is
a concern for your network environment, do not enable plain text passwords.
1. Insert your Windows 98 CD-ROM into the CD-ROM drive.
2. Click Start, and then click Run.
3. In the Open box, type "<drive>:\tools\mtsutil" (without the quotation
marks), where <drive> is the letter of the CD-ROM drive that contains
the Windows 98 CD-ROM, and then click OK.
4. Right-click the Ptxt_on.inf file, and then click Install.
5. Restart your computer.
Method 3
You should use the following method only if you do not have access to
the Windows 98 CD-ROM. These steps enable PAP password use without the
CD-ROM as mentioned in method 2.
1. Start Regedit.exe.
2. Locate the following key in the registry:
HKLM\System\CurrentControlSet\Services\VxD\VNETSUP
3. Change the data value for the EnablePlainTextPassword value to "1"
(without the quotation marks).
4. Restart your computer.
MORE INFORMATION
Note that this issue may also occur with other non-Microsoft SMB
servers, such as VAX or Pathworks NOS.
Keywords : 3rdpartynet win98
Version : WINDOWS:
Platform : WINDOWS
Issue type : kbprb
===================
Original Question:
===================
>
> I apologize for this off-topic question; I tried posting it on the SAMBA
> newsgroup, to no avail (that list has the lowest answer-to-question ratio
> I have ever seen for a newsgroup or list).
>
>
> I have SAMBA 1.9.18p10 installed on a Sun Sparc 5 box. Everything
> works great with Win95 host connections, but when I try to connect from
> a Win98 box it complains about encrypted passwords. Followed the instructions
> in ENCRYPTION.txt, and put:
>
> encrypt passwords = yes
>
> in the smb.conf file (full contents below). But now when I try to
> connect from a Windows 95 or UNIX host I get:
>
> 12 <hostname:/usr/local/samba/bin#> smbclient '\\remote-host\username'
> Added interface ip=132.239.***.*** bcast=132.239.***.*** nmask=255.255.255.192
> Server time is Thu Jan 21 09:52:26 1999
> Timezone is UTC-8.0
> Password:
> Domain=[DOMAINNAME] OS=[Unix] Server=[Samba 1.9.18p10]
> security=share
> SMBtconX failed. ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree
> Connect or Session Setup are invalid.)
> Perhaps you are using the wrong sharename, username or password?
> Some servers insist that these be in uppercase
>
> This works fine if I comment out "encrypt passwords = yes". So how do I
> allow both Win98 connections and non-encrypted passwords simultaneously?
>
> Apologies in advance for what is probably a stupid question. I've looked
> through the docs, checked the web page, gone through the Samba
> newsgroup, and posted this query to that list but haven't found the answer.
>
> Thanks heaps and I'll be sure to summarize. I got many me-too's from
> the Samba list so I'll cross-post to that list as well.
>
> Dave
>
>
> =======================
> Contents of smb.conf:
> =======================
>
> [global]
> comment = global configuration
> workgroup = GALNWRK
> # encrypt passwords = yes
>
> [homes]
> writeable = yes
>
> [printers]
> comment = all printers
> writeable = no
> printable = yes
> path = /tmp
> public = no
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> David S. Foster Univ. of California, San Diego
> Programmer/Analyst Brain Image Analysis Laboratory
> foster@bial1.ucsd.edu Department of Psychiatry
> (619) 622-5892 8950 Via La Jolla Drive, Suite 2240
> La Jolla, CA 92037
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
David S. Foster Univ. of California, San Diego
Programmer/Analyst Brain Image Analysis Laboratory
foster@bial1.ucsd.edu Department of Psychiatry
(619) 622-5892 8950 Via La Jolla Drive, Suite 2240
La Jolla, CA 92037
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:13:17 CDT