Important Notes About Security
The UNIX and SMB password encryption techniques seem similar on the surface. This
similarity is, however, only skin deep. The UNIX scheme typically sends clear-text
passwords over the network when logging in. This is bad. The SMB encryption scheme
never sends the clear-text password over the network, but it does store the 16-byte
hashed values on disk. This is also bad. Why? Because the 16 byte hashed values
are a “password equivalent.” You cannot derive the user's password from them, but
they could potentially be used in a modified client to gain access to a server.
This would require considerable technical knowledge on behalf of the attacker but
is perfectly possible. You should therefore treat the data stored in whatever passdb
backend you use (smbpasswd file, LDAP) as though it contained the clear-text
passwords of all your users. Its contents must be kept secret, and the file should
be protected accordingly.
Ideally, we would like a password scheme that involves neither plaintext passwords
on the network nor plaintext passwords on disk. Unfortunately, this is not available because Samba is stuck with
having to be compatible with other SMB systems (Windows NT, Windows for Workgroups, Windows 9x/Me).
Windows NT 4.0 Service Pack 3 changed the default setting so plaintext passwords
are disabled from being sent over the wire. This mandates either the use of encrypted
password support or editing the Windows NT registry to re-enable plaintext passwords.
The following versions of Microsoft Windows do not support full domain security protocols,
although they may log onto a domain environment:
MS DOS Network client 3.0 with the basic network redirector installed.
Windows 95 with the network redirector update installed.
Windows 98 [Second Edition].