summaryrefslogtreecommitdiff
path: root/docs-xml/smbdotconf/security/encryptpasswords.xml
blob: fdf0cfd43e683fcb9d9937bf0fc893fdb474511e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
<samba:parameter name="encrypt passwords"
                 context="G"
				 type="boolean"
                 basic="1" advanced="1" wizard="1" developer="1"
		 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
    <para>This boolean controls whether encrypted passwords 
    will be negotiated with the client. Note that Windows NT 4.0 SP3 and 
    above and also Windows 98 will by default expect encrypted passwords 
    unless a registry entry is changed. To use encrypted passwords in 
    Samba see the chapter "User Database" in the Samba HOWTO Collection.
    </para>

    <para>
    MS Windows clients that expect Microsoft encrypted passwords and that
    do not have plain text password support enabled will be able to
    connect only to a Samba server that has encrypted password support
    enabled and for which the user accounts have a valid encrypted password.
    Refer to the smbpasswd command man page for information regarding the
    creation of encrypted passwords for user accounts.
    </para>

    <para>
    The use of plain text passwords is NOT advised as support for this feature
    is no longer maintained in Microsoft Windows products. If you want to use
    plain text passwords you must set this parameter to no.
    </para>

    <para>In order for encrypted passwords to work correctly
    <citerefentry><refentrytitle>smbd</refentrytitle>
    <manvolnum>8</manvolnum></citerefentry> must either 
    have access to a local <citerefentry><refentrytitle>smbpasswd</refentrytitle>
    <manvolnum>5</manvolnum></citerefentry> file (see the <citerefentry><refentrytitle>smbpasswd</refentrytitle>
    <manvolnum>8</manvolnum></citerefentry> program for information on how to set up 
    and maintain this file), or set the <smbconfoption name="security">[domain|ads]</smbconfoption> parameter which
    causes <command moreinfo="none">smbd</command> to authenticate against another 
	server.</para>
</description>
<value type="default">yes</value>
</samba:parameter>