summaryrefslogtreecommitdiff
path: root/docs/manpages/smbpasswd.5
diff options
context:
space:
mode:
Diffstat (limited to 'docs/manpages/smbpasswd.5')
-rw-r--r--docs/manpages/smbpasswd.5159
1 files changed, 159 insertions, 0 deletions
diff --git a/docs/manpages/smbpasswd.5 b/docs/manpages/smbpasswd.5
new file mode 100644
index 0000000000..39281eb34e
--- /dev/null
+++ b/docs/manpages/smbpasswd.5
@@ -0,0 +1,159 @@
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document. docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "SMBPASSWD" "5" "28 January 2002" "" ""
+.SH NAME
+smbpasswd \- The Samba encrypted password file
+.SH SYNOPSIS
+.PP
+\fIsmbpasswd\fR
+.SH "DESCRIPTION"
+.PP
+This tool is part of the Sambasuite.
+.PP
+smbpasswd is the Samba encrypted password file. It contains
+the username, Unix user id and the SMB hashed passwords of the
+user, as well as account flag information and the time the
+password was last changed. This file format has been evolving with
+Samba and has had several different formats in the past.
+.SH "FILE FORMAT"
+.PP
+The format of the smbpasswd file used by Samba 2.2
+is very similar to the familiar Unix \fIpasswd(5)\fR
+file. It is an ASCII file containing one line for each user. Each field
+ithin each line is separated from the next by a colon. Any entry
+beginning with '#' is ignored. The smbpasswd file contains the
+following information for each user:
+.TP
+\fBname\fR
+This is the user name. It must be a name that
+already exists in the standard UNIX passwd file.
+.TP
+\fBuid\fR
+This is the UNIX uid. It must match the uid
+field for the same user entry in the standard UNIX passwd file.
+If this does not match then Samba will refuse to recognize
+this smbpasswd file entry as being valid for a user.
+.TP
+\fBLanman Password Hash\fR
+This is the LANMAN hash of the user's password,
+encoded as 32 hex digits. The LANMAN hash is created by DES
+encrypting a well known string with the user's password as the
+DES key. This is the same password used by Windows 95/98 machines.
+Note that this password hash is regarded as weak as it is
+vulnerable to dictionary attacks and if two users choose the
+same password this entry will be identical (i.e. the password
+is not "salted" as the UNIX password is). If the user has a
+null password this field will contain the characters "NO PASSWORD"
+as the start of the hex string. If the hex string is equal to
+32 'X' characters then the user's account is marked as
+disabled and the user will not be able to
+log onto the Samba server.
+
+\fBWARNING !!\fR Note that, due to
+the challenge-response nature of the SMB/CIFS authentication
+protocol, anyone with a knowledge of this password hash will
+be able to impersonate the user on the network. For this
+reason these hashes are known as \fBplain text
+equivalents\fR and must \fBNOT\fR be made
+available to anyone but the root user. To protect these passwords
+the smbpasswd file is placed in a directory with read and
+traverse access only to the root user and the smbpasswd file
+itself must be set to be read/write only by root, with no
+other access.
+.TP
+\fBNT Password Hash\fR
+This is the Windows NT hash of the user's
+password, encoded as 32 hex digits. The Windows NT hash is
+created by taking the user's password as represented in
+16-bit, little-endian UNICODE and then applying the MD4
+(internet rfc1321) hashing algorithm to it.
+
+This password hash is considered more secure than
+the LANMAN Password Hash as it preserves the case of the
+password and uses a much higher quality hashing algorithm.
+However, it is still the case that if two users choose the same
+password this entry will be identical (i.e. the password is
+not "salted" as the UNIX password is).
+
+\fBWARNING !!\fR. Note that, due to
+the challenge-response nature of the SMB/CIFS authentication
+protocol, anyone with a knowledge of this password hash will
+be able to impersonate the user on the network. For this
+reason these hashes are known as \fBplain text
+equivalents\fR and must \fBNOT\fR be made
+available to anyone but the root user. To protect these passwords
+the smbpasswd file is placed in a directory with read and
+traverse access only to the root user and the smbpasswd file
+itself must be set to be read/write only by root, with no
+other access.
+.TP
+\fBAccount Flags\fR
+This section contains flags that describe
+the attributes of the users account. In the Samba 2.2 release
+this field is bracketed by '[' and ']' characters and is always
+13 characters in length (including the '[' and ']' characters).
+The contents of this field may be any of the characters.
+.RS
+.TP 0.2i
+\(bu
+\fBU\fR - This means
+this is a "User" account, i.e. an ordinary user. Only User
+and Workstation Trust accounts are currently supported
+in the smbpasswd file.
+.TP 0.2i
+\(bu
+\fBN\fR - This means the
+account has no password (the passwords in the fields LANMAN
+Password Hash and NT Password Hash are ignored). Note that this
+will only allow users to log on with no password if the \fI null passwords\fR parameter is set in the \fIsmb.conf(5)
+\fRconfig file.
+.TP 0.2i
+\(bu
+\fBD\fR - This means the account
+is disabled and no SMB/CIFS logins will be allowed for
+this user.
+.TP 0.2i
+\(bu
+\fBW\fR - This means this account
+is a "Workstation Trust" account. This kind of account is used
+in the Samba PDC code stream to allow Windows NT Workstations
+and Servers to join a Domain hosted by a Samba PDC.
+.RE
+.PP
+Other flags may be added as the code is extended in future.
+The rest of this field space is filled in with spaces.
+.PP
+.TP
+\fBLast Change Time\fR
+This field consists of the time the account was
+last modified. It consists of the characters 'LCT-' (standing for
+"Last Change Time") followed by a numeric encoding of the UNIX time
+in seconds since the epoch (1970) that the last change was made.
+.PP
+All other colon separated fields are ignored at this time.
+.PP
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+\fBsmbpasswd(8)\fR,
+samba(7), and
+the Internet RFC1321 for details on the MD4 algorithm.
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer.
+The man page sources were converted to YODL format (another
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0
+release by Jeremy Allison. The conversion to DocBook for
+Samba 2.2 was done by Gerald Carter
generated by cgit (git 2.34.1) at 2025-03-11 14:18:41 +0000