On Thu, 28 Nov 2002, Ira Abramov wrote: > Quoting Omer Zak, from the post of Thu, 28 Nov: > > I was successful in having the Linux PC access files in shared folders in > > the Win PC.However, the Win PC was denied access to directories exported > > by the Samba in the Linux PC. > > my first guess (without enough info...) would be the password > encryption. windows clients use a scheme where the password is sent as a > hash and compared by the server to its own hash. the problem is that > it's incompatible with Unix crypt nor MD5. solutions:
Not exactly: It uses a chalange-response protocol. This means that the password need not travel accross the wire. However, it also means that the server needs to know the password: a hash (e.g: crypt, md5) of it won't do. The password database is still "encrypted" (read: obfuscated) locally, so you won't get the passwords by means of pure cat. You'd still get a paswrod-equivalent. In plain words if someone gains root: that one can have the passwords of all the samba users > > 1. make the windows machine send cleartext passwords (less secure, look > in the samba docs directory for instructions, it means creating a key in > the registry and rebooting) > > 2. create an smbpasswd file on the linux side (man smbpasswd) and keep > or don't keep it in synch with the /etc/shadow manually. I like the idea > of keeping the CIFS authentications seperate from shell accounts. > In light of the above, this seems wise. -- Tzafrir Cohen mailto:[EMAIL PROTECTED] http://www.technion.ac.il/~tzafrir ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
