diff options
Diffstat (limited to 'docs/manpages/smbpasswd.5')
| -rw-r--r-- | docs/manpages/smbpasswd.5 | 111 |
1 files changed, 0 insertions, 111 deletions
diff --git a/docs/manpages/smbpasswd.5 b/docs/manpages/smbpasswd.5 deleted file mode 100644 index 75645d4b6a..0000000000 --- a/docs/manpages/smbpasswd.5 +++ /dev/null @@ -1,111 +0,0 @@ -.\"Generated by db2man.xsl. Don't modify this, modify the source. -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "SMBPASSWD" 5 "" "" "" -.SH NAME -smbpasswd \- The Samba encrypted password file -.SH "SYNOPSIS" - -.PP -\fIsmbpasswd\fR - -.SH "DESCRIPTION" - -.PP -This tool is part of the \fBSamba\fR(7) suite\&. - -.PP -smbpasswd is the Samba encrypted password file\&. It contains the username, Unix user id and the SMB hashed passwords of the user, as well as account flag information and the time the password was last changed\&. This file format has been evolving with Samba and has had several different formats in the past\&. - -.SH "FILE FORMAT" - -.PP -The format of the smbpasswd file used by Samba 2\&.2 is very similar to the familiar Unix \fIpasswd(5)\fR file\&. It is an ASCII file containing one line for each user\&. Each field ithin each line is separated from the next by a colon\&. Any entry beginning with '#' is ignored\&. The smbpasswd file contains the following information for each user: - -.TP -name -This is the user name\&. It must be a name that already exists in the standard UNIX passwd file\&. - - -.TP -uid -This is the UNIX uid\&. It must match the uid field for the same user entry in the standard UNIX passwd file\&. If this does not match then Samba will refuse to recognize this smbpasswd file entry as being valid for a user\&. - - -.TP -Lanman Password Hash -This is the LANMAN hash of the user's password, encoded as 32 hex digits\&. The LANMAN hash is created by DES encrypting a well known string with the user's password as the DES key\&. This is the same password used by Windows 95/98 machines\&. Note that this password hash is regarded as weak as it is vulnerable to dictionary attacks and if two users choose the same password this entry will be identical (i\&.e\&. the password is not "salted" as the UNIX password is)\&. If the user has a null password this field will contain the characters "NO PASSWORD" as the start of the hex string\&. If the hex string is equal to 32 'X' characters then the user's account is marked as \fBdisabled\fR and the user will not be able to log onto the Samba server\&. - - -\fBWARNING !!\fR Note that, due to the challenge-response nature of the SMB/CIFS authentication protocol, anyone with a knowledge of this password hash will be able to impersonate the user on the network\&. For this reason these hashes are known as \fBplain text equivalents\fR and must \fBNOT\fR be made available to anyone but the root user\&. To protect these passwords the smbpasswd file is placed in a directory with read and traverse access only to the root user and the smbpasswd file itself must be set to be read/write only by root, with no other access\&. - - -.TP -NT Password Hash -This is the Windows NT hash of the user's password, encoded as 32 hex digits\&. The Windows NT hash is created by taking the user's password as represented in 16-bit, little-endian UNICODE and then applying the MD4 (internet rfc1321) hashing algorithm to it\&. - - -This password hash is considered more secure than the LANMAN Password Hash as it preserves the case of the password and uses a much higher quality hashing algorithm\&. However, it is still the case that if two users choose the same password this entry will be identical (i\&.e\&. the password is not "salted" as the UNIX password is)\&. - - -\fBWARNING !!\fR\&. Note that, due to the challenge-response nature of the SMB/CIFS authentication protocol, anyone with a knowledge of this password hash will be able to impersonate the user on the network\&. For this reason these hashes are known as \fBplain text equivalents\fR and must \fBNOT\fR be made available to anyone but the root user\&. To protect these passwords the smbpasswd file is placed in a directory with read and traverse access only to the root user and the smbpasswd file itself must be set to be read/write only by root, with no other access\&. - - -.TP -Account Flags -This section contains flags that describe the attributes of the users account\&. In the Samba 2\&.2 release this field is bracketed by '[' and ']' characters and is always 13 characters in length (including the '[' and ']' characters)\&. The contents of this field may be any of the following characters: - - -\fBU\fR - This means this is a "User" account, i\&.e\&. an ordinary user\&. Only User and Workstation Trust accounts are currently supported in the smbpasswd file\&. - -\fBN\fR - This means the account has no password (the passwords in the fields LANMAN Password Hash and NT Password Hash are ignored)\&. Note that this will only allow users to log on with no password if the \fI null passwords\fR parameter is set in the \fBsmb.conf\fR(5) config file\&. - -\fBD\fR - This means the account is disabled and no SMB/CIFS logins will be allowed for this user\&. - -\fBW\fR - This means this account is a "Workstation Trust" account\&. This kind of account is used in the Samba PDC code stream to allow Windows NT Workstations and Servers to join a Domain hosted by a Samba PDC\&. - -Other flags may be added as the code is extended in future\&. The rest of this field space is filled in with spaces\&. - - -.TP -Last Change Time -This field consists of the time the account was last modified\&. It consists of the characters 'LCT-' (standing for "Last Change Time") followed by a numeric encoding of the UNIX time in seconds since the epoch (1970) that the last change was made\&. - - -.PP -All other colon separated fields are ignored at this time\&. - -.SH "VERSION" - -.PP -This man page is correct for version 3\&.0 of the Samba suite\&. - -.SH "SEE ALSO" - -.PP -\fBsmbpasswd\fR(8), \fBSamba\fR(7), and the Internet RFC1321 for details on the MD4 algorithm\&. - -.SH "AUTHOR" - -.PP -The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. - -.PP -The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&. - |