Bug 1701 - Extreme ambiguity in man smb.conf encrypt passwords = section
Extreme ambiguity in man smb.conf encrypt passwords = section
Status: CLOSED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: Docs
3.0.6
All All
: P3 normal
: none
Assigned To: Jelmer Vernooij
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2004-09-01 05:43 UTC by Clock
Modified: 2005-08-24 10:21 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Clock 2004-09-01 05:43:39 UTC
"This  boolean controls whether encrypted passwords will be negotiated
with the client. Note that Windows NT 4.0 SP3  and  above and  also
Windows 98 will by default expect encrypted passwords unless a registry
entry is changed."

What does this mean? From my point of view it can mean 4 totally
different things:

1) That when I run smbd with encrypt passwords = no and NT4.0 client
with default installation, it won't work because NT4.0 client will send
encrypted password and Samba require a plaintext password?
2) That when I run smbd with encrypt passwords = no and NT4.0 client
with default installation, it will work, because NT4.0 client will
albeit expect encrypted passwords, however will resort to unencrypted
passwords upon being told by the server they are the only available
option?
3) That when I run smbclient //windows_machine_with_nt40/share with
encrypt passwords = no, it won't work because NT4.0 server will expect
encrypted bassword and will be supplied with unencrypted one
4) That when I run smbclient //windows_machine_with_nt40/share with
encrypt passwords = no, it will work, because NT4.0 server will albeit
expect encrypted passwords, however will resort to accepting unencrypted
one after being told by smbclient unencrypted ones are the only
possible option?

Basically, the manpage doesn't say two things:
1) whether this relates to a win client -> samba server or samba client
-> win server case
2) What does the word "expect" mean.

What does encrypt passwords = no mean? From my point of view it can
mean 3 totally different things:

1) Encrypted passwords won't be negotiated at all (i. e., it will be
left up to the client whether encrypted or unencrypted passwords will be
used)
2) Unencrypted passwords will be negotiated with the client and if the
client refuses to use unencrypted passwords, then the connection will be
terminated
3) Unencrypted passwords will be negotiated with the client, however
if the client refuses to use unencrypted passwords, then encrypted ones
will be used?

Basically the man page says what happens when I say "yes", but doesn't
say anything what happens when I say "no".
Comment 1 John H Terpstra 2004-11-23 09:45:54 UTC
The documentation for this command has been updated.
Comment 2 Gerald (Jerry) Carter 2005-08-24 10:21:11 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.