Setting Password Options
Samba installations are frequently plagued by two problems:
incorrectly set workgroup names and password encryption difficulties.
The first problem is easily corrected by changing the
workgroup parameter, as described earlier.
Password problems are harder to overcome because they may require
changing more than just one or two Samba parameters. To address these
issues, you must first understand them. You must then decide whether
to use unencrypted or encrypted passwords. On some networks, you may
need to decide whether to use a password server for authentication,
Samba password issues can be complicated. SMB/CIFS provides several different ways to encode passwords, to authenticate clients using passwords, and to store them. In fact, some of these issues are negotiated between client and server, with no need for explicit configuration, but others require your attention.
The simplest case of Samba password handling, at least from the point of view of Samba administration, is to have Samba accept unencrypted (or cleartext) passwords from clients and authenticate users against the local Linux account database. Conceptually, this works much like Linux authentication for FTP, Telnet, SSH, or other servers that use the Linux account database. Unfortunately, this approach has some problems. Most importantly, exchanging passwords in cleartext makes them vulnerable to sniffing—interception by unauthorized third parties who have physical ...