[prev in list] [next in list] [prev in thread] [next in thread]
List: samba
Subject: SAMBA digest 558
From: samba () anu ! edu ! au
Date: 1995-06-04 15:50:53
[Download RAW message or body]
SAMBA Digest 558
Topics covered in this issue include:
1) Samba File System
by "M. May" <100103.1662@compuserve.com>
2) SMB encrypted passwords
by "Andrew.Tridgell" <tridge@arvidsjaur.anu.edu.au>
3) next release
by "Andrew.Tridgell" <tridge@arvidsjaur.anu.edu.au>
4) The Samba consultants list
by "Andrew.Tridgell" <tridge@arvidsjaur.anu.edu.au>
5) Help installing samba
by Adi <akremer@uop.cs.uop.edu>
----------------------------------------------------------------------
Date: 03 Jun 95 21:03:48 EDT
From: "M. May" <100103.1662@compuserve.com>
To: Samba List <samba@anu.edu.au>
Subject: Samba File System
Message-ID: <950604010347_100103.1662_EHK43-2@CompuServe.COM>
What is the current status of a Samba File System? I remember reading in
'PROJECTS' that someone is working on a Linux mountable file system.
We would love to be able to mount PC shares on our Unix boxes - smbclient is
good but it doesn't go much further than FTP. Will such an 'smbfs' be portable?
As we use an Ultrix DECStation, a Sun Sparc 20 and two OSF/1 Alphas, a Linux
only smbfs would be somewhat less than useful. Are there porting issues that are
particular to writing file systems?
As a general point, PROJECTS seems to be heavily out of date - how about a
general status roundup?
Sorry to sound like I'm whinging, we use Samba in preference to NFS now, AND WE
LOVE IT!!! It certainly makes sense to have the Unix boxes 'talk Windows' rather
than the Windows kit 'talk Unix' and clog up memory with NFS client drivers.
Cheers
Andrew Patterson
Synergy Real-time Systems,
London, UK
------------------------------
Date: Sun, 4 Jun 1995 14:23:11 +1000
From: "Andrew.Tridgell" <tridge@arvidsjaur.anu.edu.au>
To: samba@anugpo.anu.edu.au
Subject: SMB encrypted passwords
Message-ID: <199506040423.OAA03591@arvidsjaur.anu.edu.au>
Jeremy Allison (jra@vantive.com) and myself have finally worked out
the protocol for sending encrypted passwords over the net in the SMB
protocol. Now we need to work out the best way to incorporate this
into Samba.
First a bit of background. Samba currently negotiates plaintext
passwords with clients. This means anyone with a sniffer on your local
net can see your password. It also means Samba can use the standard
unix password system.
Servers such as WinNT negotiate encrypted passwords with clients. This
means the server sends to the client a 8 byte random "cryptkey" when
negotiating a connection. The client then encrypts the users password
using a two stage DES process. The result is sent over the net. The
server then goes through the same process to validate the password.
This encryption protocol is described in the X/Open SMB spec, but
Microsoft implemented things with two small (but very important)
changes. Thanks to some help from Microsoft we now know what those
changes are and we can put a compatible system into Samba.
The primary problem with the encryption method is that to implement it
the server must have acess to the users plaintext password (or some
equivalent). In the case of NT the MS technet CD says they actually
store the result of the first stage DES encryption (commonly called
p16) on disk on the server. This means it's not possible to recover
the plaintext password from the file, but if you did have access to the
file you could write your own SMB client which gained access using only
p16. Thus p16 is a "password equivalent".
So, there are basically two evils, take your pick:
1) have plaintext passwords on the net (the current Samba way)
2) have password equivalents stored on disk on the server (the NT way)
In the spirit of user choice, I think it's best that system
administrators choose, so there will be an option in smb.conf to
choose plaintext or encrypted passwords. Plaintext will be the
default. Note that it is not possible to mix the two, and have some
users using the unix password system (and plaintext passwords) with
others using the SMB encrypted passwords. You could make it depend on
which machine they come from, but not on their username (you don't
know the username when you negotiate the encryption bit).
Now we just have to work out the best way to administer encrypted
passwords.
I think storing p16 on disk (rather than the plain password) is a good
idea, although it doesn't gain much in real security. It just means it
would be quite a bit of work to break in given access to the file. It
also means a person breaking in couldn't use telnet etc, they would
have to use SMB.
Anyway, here is what I envisage, comments welcome!
1) a smb.passwd file containing username/p16 pairs, along with other
per user info.
2) a smbpasswd program (probably setuid root) that allows users or the
sysadmin to manipulate the password file (just like passwd).
3) Users can also change the password from the client (using "net
pass")
4) optional password expiry times, with users being notified via a
WinPopUp message (or other mechanism, coonfiigurable in smb.conf).
5) can use a samba or NT server as a "password server"
Now I hope the above will prompt a bit of discussion. We want to "get
it right".
Andrew
------------------------------
Date: Sun, 4 Jun 1995 14:33:53 +1000
From: "Andrew.Tridgell" <tridge@arvidsjaur.anu.edu.au>
To: samba@anugpo.anu.edu.au
Subject: next release
Message-ID: <199506040433.OAA03630@arvidsjaur.anu.edu.au>
I am slowly working towards the next Samba release. I still have
around 200 emails to get through, but I thought I'd let people know
something of the progress:
1) I will be reorganising the distribution structure a little, to have
a source, docs and examples subdirectory. If you have an interesting
smb.conf (with comments) to send in for the examples then please do.
2) I hope the password encryption stuff will be in for the next
release (see my other mail)
3) the DCE/DFS support from Jim Doyle is in.
4) there may be automatic cr/lf support (optional, of course) thanks
to patches from Dan Lydick (lydick@cvpsun104.csc.ti.com). I haven't
had a chance to try them yet, sorry Dan.
There have also been lots of minor changes here and there. Thanks to
everyone who has sent patches. I'll release an alpha version once it
is in a fit state.
Andrew
------------------------------
Date: Sun, 4 Jun 1995 14:46:01 +1000
From: "Andrew.Tridgell" <tridge@arvidsjaur.anu.edu.au>
To: samba@anugpo.anu.edu.au
Subject: The Samba consultants list
Message-ID: <199506040446.OAA03659@arvidsjaur.anu.edu.au>
I've received several entries from people for the samba consultants
list. I include a rough first version below. This should give people a
better idea of what format is good for an entry. Those who are already
on the list should feel free to send me an updated version whenever
they like. Anyone else who wants to be on it just send me an
entry. Remember that this list is unmoderated and does not imply any
endorsement or guarantees.
Andrew
The Samba Consultants List
==========================
I often get asked about paid support for Samba. I don't have the
time/inclination to do this myself at the moment, so I decided to
compile a list of people who are prepared to install/support Samba.
Being on this list does not imply any sort of endorsement, I just
provide this list in the hope that it will be useful.
If you want to be added to the list, or want your entry modified then
contact me at the address below. I am currently listing them in the
order that I have received them. If it gets too big I may organise it
by region.
Andrew.Tridgell@anu.edu.au
------------------------------------------------------------------------------
BRISBANE - AUSTRALIA
Brett Worth
Select Computer Technology - Brisbane
431 Logan Road
Stones Corner QLD 4120
E-Mail: brett@sct.com.au
------------------------------------------------------------------------------
------------------------------------------------------------------------------
CANBERRA - AUSTRALIA
Paul Blackman (ictinus@lake.canberra.edu.au, Ph. 06 2012518) is
available for consultation. Paul's Samba background is with
Solaris 2.3/4 and WFWG/Win95 machines. Paul is also the maintainer
of the SAMBA Web Pages.
------------------------------------------------------------------------------
------------------------------------------------------------------------------
READING - ENGLAND
Philip Hands | E-Mail: info@hands.com
Philip Hands Computing Ltd. | Tel: +44 1734 476287 Fax: 1734 474655
Unit 1, Cherry Close, Caversham, Reading RG4 8UP UK
Samba experience: SVR4,SVR3.2 & Linux <--> WfWg, W3.1, OS2 and MS-LanMan
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Information One, Inc.
736 Hinman Ave, Suite 2W
Evanston, IL 60202
708-328-9137 708-328-0117 FAX
info@info1.com
Providing custom Internet and networking solutions.
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Olympic Peninsula Consulting; 1241 Lansing Ave W., Bremerton, WA 98312-4343
telephone 1+ 360 792 6938; mailto:opc@aa.net; http://www.aa.net/~opc;
Unix Systems and TCP/IP Network design, programming, and administration.
------------------------------------------------------------------------------
------------------------------------------------------------------------------
SolutionS R Us has been in business for 3+ years providing viable 3rd
party support in system/network administration. With our own Linux
distribution which we're constantly improving to make it the best and
using it to provide total solutions for companies which are open to
using Linux.
Mauro DePalma <mauro@sru.com>
------------------------------------------------------------------------------
------------------------------------------------------------------------------
BIELEFELD - GERMANY
I am located in Bielefeld/Germany and have been doing Unix consultancy
work for the past 8 years throughout Germany and the rest of Europe. I
can be contacted by email at <jpm@mens.de> or via phone at +49 521
9225922 or telefax at +49 521 9225924.
------------------------------------------------------------------------------
------------------------------------------------------------------------------
CANBERRA - AUSTRALIA
Ben Elliston
Faculty of Information Sciences and Engineering
University of Canberra AUSTRALIA
E-mail: ben@ise.canberra.edu.au (Uni)
------------------------------------------------------------------------------
------------------------------
Date: Sat, 3 Jun 1995 22:11:20 -0700 (PDT)
From: Adi <akremer@uop.cs.uop.edu>
To: samba@anugpo.anu.edu.au
Subject: Help installing samba
Message-ID: <199506040511.AA19165@uop.cs.uop.edu>
Hi there
I am trying to install Samba on a Sun Sparc/2 with SunOS 4.1.2 as a
server to PCs running WFW3.11.
It seems that everything went along fine until I tried to start the smbd
and nmbd as daemons from the command line. It seems that the daemons
exit after a second or two with the entry "bind failed on port 139"
which was entered into the log file.
Could anybody help?
Also, From the PC side, what else do you need to do after installing the
MS TCP/IP 32 stack and configuring the PC so it has an IP number, DNS
server, and all other network bits? It is a little bit unclear from the
installation documentation. Specifically regarding the smb protocol.
Any help will be appreciated
Thanks
---
Adi Kremer
akremer@uop.edu
Stockton, CA 95204
------------------------------
End of SAMBA Digest 558
***********************
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic