Prevent smbpasswd lan manager field change
in [Samba]
|
Prev: [Samba] ?! Winbind stops (causing troubles with my Boss and customers)
Next: [Samba] Samba4 and group policy password policy
From: Jansen Robert on 14 Apr 2010 05:00 Added note: The lanmanager smbpasswd filed change seems to happen also with some client machines do NOT explicitaly change their password. It rather seems that a client seems to enforce a zero LANMAN passwd if a client has a higher than LANMAN protocol available. "I have a higher protocol than LANMAN, so forget the LANMAN method and scratch the unsafer password hash". A wild guess,... But the question remains, how to prevent this from happening ? Running on a Solaris 9 Ideas welcome. TIA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Jansen Robert on 20 Apr 2010 09:10
On Wed, April 14, 2010 10:45, Jansen Robert wrote: > Added note: > > > The lanmanager smbpasswd filed change seems to happen also with some > client machines do NOT explicitaly change their password. It rather seems > that a client seems to enforce a zero LANMAN passwd if a client has a > higher than LANMAN protocol available. > > "I have a higher protocol than LANMAN, so forget the LANMAN method > and scratch the unsafer password hash". > > A wild guess,... > > > > But the question remains, how to prevent this from happening ? > > > Running on a Solaris 9 > > > Ideas welcome. > > > TIA > Found a solution: Users can still explicitly change their password by using <username>@<sambaserver> on their client PC, but the Lanmanager password has field doesn't get "zeroed" out by a bunch of XXXXXXXXXXXXX.... Look here: http://www.troubleshooters.com/linux/win9x_samba.htm Needed smb.conf entry's: lanman auth = Yes client lanman auth = Yes client plaintext auth = Yes Default behaviour changed during/after Samba version 3.2.0. If anyone knows how to block users explicitly changing their password via the client PC, would be a plus. Any takers ? my 2 cents TIA -------------------------- Brussels University Pleinlaan 2 Computer Center VUB/ULB (VUBnet) Ing. Robert Jansen B-1050 Brussels Belgium (Europe) email: rjansen(a)vub.ac.be Tel: +32-2-650.36.94 Secr: +32-2-650.37.38 Fax: +32-2-650.37.40 -------------------------- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba |