Passwords
Passwords are a thorny issue with Samba. So much so, in fact, that they are often the first major problem that users encounter when they install Samba. At this point, we need to delve deeper into Samba to discover what is happening on the network.
Passwords sent from individual clients can be either encrypted or nonencrypted. Encrypted passwords are, of course, more secure. A nonencrypted, plain-text password can be easily read with a packet-sniffing program, such as the modified tcpdump program for Samba that we used in Chapter 1. Whether passwords are encrypted by default depends on the operating system that the client is using to connect to the Samba server. Table 9-5 lists which Windows operating systems encrypt their passwords and which send plain-text passwords by default.
Table 9-5. Windows operating systems with encrypted passwords
|
Operating system |
Encrypted or plain text |
|---|---|
|
Windows for Workgroups |
Plain text |
|
Windows 95 |
Plain text |
|
Windows 95 with SMB Update |
Encrypted |
|
Windows 98 |
Encrypted |
|
Windows Me |
Encrypted |
|
Windows NT 3.x |
Plain text |
|
Windows NT 4.0 before SP |
Plain text |
|
Windows NT 4.0 after SP 3 |
Encrypted |
|
Windows 2000 |
Encrypted |
|
Windows XP |
Encrypted |
Three different encryption methods are used. Windows 95/98/Me clients use a method inherited from Microsoft’s LAN Manager network software. Windows NT/2000/XP systems use a newer system, called NT LAN Manager, or NTLM. A newer version of this (called NT LAN Manager Version 2, or NTLMv2) uses a different ...
Get Using Samba, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
