Samba HowTo Guide

Note

MS Windows XP Home does not have facilities to become a domain member, and it cannot participate in domain logons.

The following versions of MS Windows fully support domain security protocols.

  • Windows NT 3.5x.

  • Windows NT 4.0.

  • Windows 2000 Professional.

  • Windows 200x Server/Advanced Server.

  • Windows XP Professional.

All current releases of Microsoft SMB/CIFS clients support authentication via the SMB challenge/response mechanism described here. Enabling clear-text authentication does not disable the ability of the client to participate in encrypted authentication. Instead, it allows the client to negotiate either plaintext or encrypted password handling.

MS Windows clients will cache the encrypted password alone. Where plaintext passwords are re-enabled through the appropriate registry change, the plaintext password is never cached. This means that if a network connection is broken, only the cached (encrypted) password will be sent to the resource server to effect an auto-reconnect. If the resource server does not support encrypted passwords, the auto-reconnect will fail. Use of encrypted passwords is strongly advised.
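The following model of the exchange shows what crosses the network in each mode and why an auto-reconnect to a plaintext-only server fails. It is an added example, not code from the Samba HowTo: SHA-256 and HMAC stand in for the real SMB hash and response computations, and the class, function and account names are hypothetical.

```python
import hashlib
import hmac
import os

def pw_hash(password):
    # Stand-in for the SMB password hash (assumption: SHA-256, not the real LM/NT hash).
    return hashlib.sha256(password.encode()).digest()

def make_response(cached_hash, challenge):
    # Stand-in for the SMB response: keyed digest of the server's challenge.
    return hmac.new(cached_hash, challenge, hashlib.sha256).digest()

class Client:
    def __init__(self, password):
        self.cached = pw_hash(password)  # the only form kept for reconnects
        self.typed = password            # present only during the interactive logon

    def end_logon(self):
        self.typed = None                # plaintext is never cached

class Server:
    def __init__(self, accounts, encrypted):
        self.encrypted = encrypted
        # Encrypted mode stores hashes; plaintext mode compares the password itself.
        self.db = {u: pw_hash(p) if encrypted else p.encode() for u, p in accounts.items()}
        self.wire = []                   # what a sniffer on the network would record

    def connect(self, user, client):
        stored = self.db.get(user)
        if stored is None:
            return False
        if self.encrypted:
            challenge = os.urandom(8)
            reply = make_response(client.cached, challenge)
            self.wire += [challenge, reply]
            return hmac.compare_digest(reply, make_response(stored, challenge))
        if client.typed is None:         # auto-reconnect: nothing plaintext to send
            return False
        self.wire.append(client.typed.encode())
        return hmac.compare_digest(client.typed.encode(), stored)

if __name__ == "__main__":
    accounts = {"alice": "constructed-Passw0rd"}  # constructed sample account
    alice = Client("constructed-Passw0rd")
    enc, plain = Server(accounts, True), Server(accounts, False)
    print("first logon:", enc.connect("alice", alice), plain.connect("alice", alice))
    alice.end_logon()
    print("auto-reconnect:", enc.connect("alice", alice), plain.connect("alice", alice))
```

In the model, the cached hash alone is enough to answer a challenge, so the server's hashed password file needs the same protection as a file of plaintext passwords.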

Advantages of Encrypted Passwords

  • Plaintext passwords are not passed across the network. Someone using a network sniffer cannot just record passwords going to the SMB server.

  • Plaintext passwords are not stored anywhere in memory or on disk.

  • Windows NT does not like talking to a server that does not support encrypted passwords. It will refuse to browse the server if the server is also in user-level security mode. It will insist on prompting the user for the password on each connection, which is very annoying. The only thing you can do to stop this is to use SMB encryption.

  • Encrypted password support allows automatic share (resource) reconnects.

  • Encrypted passwords are essential for PDC/BDC operation.

Advantages of Non-Encrypted Passwords

  • Plaintext passwords are not kept on disk and are not cached in memory.

  • Plaintext passwords use the same password file as other UNIX services, such as Login and FTP.

  • Use of other services (such as Telnet and FTP) that send plaintext passwords over the network makes sending them for SMB not such a big deal.

Published under the terms of the GNU General Public License