>> > However, if you need to connect to a Samba server that does not have >> > encrypted password support enabled, or to another server that does not >> > support NTLM authentication, you will need to set >> > "client plaintext auth = yes" and "client lanman auth = yes" in >> > smb.conf. > >> Among the many tests that I have made before writing this bug report, I >> also tried those settings, without any observable change. > >But those are the settings that affect samba's behavior as a /client/. Did >you also test with 'lanman auth = yes'?
I just tried and in fact it works, thanks. I think that the text of the release note is not clear enough for those that have a superficial knowledge of Samba. For one, I do not even know what lanman is. Appended is the original release note with suggestions for improvement. However, I have no idea where security=share should be mentioned. I see that using it or not makes in fact a difference. THank you for working on this. >===File /doc/samba/NEWS.Debian.gz=========================== >samba (3.0.27a-2) unstable; urgency=low > > * Weak authentication methods are disabled by default This is the title of the note. It means that its contents is related to "weak authentication". > Beginning with this version, plaintext authentication is disabled for > clients and lanman authentication is disabled for both clients and > servers. Lanman authentication is not needed for Windows > NT/2000/XP/Vista, Mac OS X or Samba, but if you still have Windows > 95/98/ME clients (or servers) you may need to set lanman auth (or client > lanman auth) to yes in your smb.conf. While I now see that this is correct and complete, I could not understand before. Maybe writing it ike this would be more clear to the semi-ignorant: Beginning with this version, plaintext authentication is disabled for clients and lanman authentication is disabled for both clients and servers. As far as plaintext authentication is concerned, you can reenable it when using Samba as a client by setting xxxx=yes. This is needed when accessing Windows servers that use plaintext authentication, like ... As far as lanman authentication is concerned, you can reenable it for Samba servers by setting "lanman auth = yes" in smb.conf. This is needed for Windows 95/98/ME clients using ... > The "lanman auth = no" setting , which is now the default, > will also cause lanman password hashes to > be deleted from smbpasswd and prevent new ones from being written, so > that these can't be subjected to brute-force password attacks. This > means that re-enabling lanman auth after it has been disabled is more > difficult; it is therefore advisable that you re-enable the option as > soon as possible if you think you will need to support Win9x clients. If you read this note after your Samba server has been restarted, and you want to reenable lanman auth, you should... > Client support for plaintext passwords is not needed for recent Windows > servers, and in fact this behavior change makes the Samba client behave > in a manner consistent with all Windows clients later than Windows 98. > However, if you need to connect to a Samba server that does not have > encrypted password support enabled, or to another server that does not > support NTLM authentication, you will need to set > "client plaintext auth = yes" and "client lanman auth = yes" in smb.conf. > > -- Steve Langasek <[EMAIL PROTECTED]> Sat, 24 Nov 2007 00:23:37 -0800 >============================================================ -- Francesco Potortì (ricercatore) Voice: +39 050 315 3058 (op.2111) ISTI - Area della ricerca CNR Fax: +39 050 315 2040 via G. Moruzzi 1, I-56124 Pisa Email: [EMAIL PROTECTED] Web: http://fly.isti.cnr.it/ Key: fly.isti.cnr.it/public.key