👤
Home Man
Search
Today's Posts
Register

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:
Select Section of Man Page:
Select Man Page Repository:

RedHat 9 (Linux i386) - man page for smbpasswd (redhat section 5)

SMBPASSWD(5)									     SMBPASSWD(5)

NAME
       smbpasswd - The Samba encrypted password file

SYNOPSIS
       smbpasswd

DESCRIPTION
       This tool is part of the  Samba suite.

       smbpasswd is the Samba encrypted password file. It contains the username, Unix user id and
       the SMB hashed passwords of the user, as well as account flag information and the time the
       password  was last changed. This file format has been evolving with Samba and has had sev-
       eral different formats in the past.

FILE FORMAT
       The format of the smbpasswd file used by Samba 2.2 is very similar to  the  familiar  Unix
       passwd(5)  file.  It is an ASCII file containing one line for each user. Each field within
       each line is separated from the next by a colon. Any entry beginning with '#' is  ignored.
       The smbpasswd file contains the following information for each user:

       name   This  is	the user name. It must be a name that already exists in the standard UNIX
	      passwd file.

       uid    This is the UNIX uid. It must match the uid field for the same user  entry  in  the
	      standard UNIX passwd file.  If this does not match then Samba will refuse to recog-
	      nize this smbpasswd file entry as being valid for a user.

       Lanman Password Hash
	      This is the LANMAN hash of the user's password, encoded as 32 hex digits. The  LAN-
	      MAN  hash is created by DES encrypting a well known string with the user's password
	      as the DES key. This is the same password used by  Windows  95/98  machines.   Note
	      that  this  password  hash  is  regarded	as weak as it is vulnerable to dictionary
	      attacks and if two users choose the same password  this  entry  will  be	identical
	      (i.e. the password is not "salted" as the UNIX password is). If the user has a null
	      password this field will contain the characters "NO PASSWORD" as the start  of  the
	      hex string. If the hex string is equal to 32 'X' characters then the user's account
	      is marked as disabled and the user will not be able to log onto the Samba server.

	      WARNING !! Note that, due to the challenge-response nature of the SMB/CIFS  authen-
	      tication	protocol,  anyone  with a knowledge of this password hash will be able to
	      impersonate the user on the network. For this reason  these  hashes  are	known  as
	      plain  text equivalents and must NOT be made available to anyone but the root user.
	      To protect these passwords the smbpasswd file is placed in a  directory  with  read
	      and traverse access only to the root user and the smbpasswd file itself must be set
	      to be read/write only by root, with no other access.

       NT Password Hash
	      This is the Windows NT hash of the user's password, encoded as 32 hex  digits.  The
	      Windows  NT hash is created by taking the user's password as represented in 16-bit,
	      little-endian UNICODE and then applying the MD4 (internet  rfc1321)  hashing  algo-
	      rithm to it.

	      This  password  hash  is considered more secure than the LANMAN Password Hash as it
	      preserves the case of the password and uses a much  higher  quality  hashing  algo-
	      rithm.   However,  it  is still the case that if two users choose the same password
	      this entry will be identical (i.e. the password is not "salted" as the  UNIX  pass-
	      word is).

	      WARNING !!. Note that, due to the challenge-response nature of the SMB/CIFS authen-
	      tication protocol, anyone with a knowledge of this password hash will  be  able  to
	      impersonate  the	user  on  the  network. For this reason these hashes are known as
	      plain text equivalents and must NOT be made available to anyone but the root  user.
	      To  protect  these  passwords the smbpasswd file is placed in a directory with read
	      and traverse access only to the root user and the smbpasswd file itself must be set
	      to be read/write only by root, with no other access.

       Account Flags
	      This  section  contains flags that describe the attributes of the users account. In
	      the Samba 2.2 release this field is bracketed by '['  and  ']'  characters  and  is
	      always  13  characters  in length (including the '[' and ']' characters).  The con-
	      tents of this field may be any of the characters.

	      o U - This means this is a "User" account, i.e. an ordinary  user.  Only	User  and
		Workstation Trust accounts are currently supported in the smbpasswd file.

	      o N  -  This  means the account has no password (the passwords in the fields LANMAN
		Password Hash and NT Password Hash are ignored). Note that this will  only  allow
		users  to  log on with no password if the  null passwords parameter is set in the
		smb.conf(5)
		 config file.

	      o D - This means the account is disabled and no SMB/CIFS logins will be allowed for
		this user.

	      o W  -  This  means  this  account  is  a "Workstation Trust" account. This kind of
		account is used in the Samba PDC code stream to allow Windows NT Workstations and
		Servers to join a Domain hosted by a Samba PDC.

       Other  flags may be added as the code is extended in future.  The rest of this field space
       is filled in with spaces.

       Last Change Time
	      This field consists of the time the account was last modified. It consists  of  the
	      characters  'LCT-' (standing for "Last Change Time") followed by a numeric encoding
	      of the UNIX time in seconds since the epoch (1970) that the last change was made.

       All other colon separated fields are ignored at this time.

VERSION
       This man page is correct for version 2.2 of the Samba suite.

SEE ALSO
       smbpasswd(8) samba(7) and the Internet RFC1321 for details on the MD4 algorithm.

AUTHOR
       The original Samba software and related utilities were created by Andrew  Tridgell.  Samba
       is  now developed by the Samba Team as an Open Source project similar to the way the Linux
       kernel is developed.

       The original Samba man pages were written by Karl Auer.	The man page  sources  were  con-
       verted  to  YODL  format  (another  excellent  piece of Open Source software, available at
       ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the
       Samba  2.0  release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by
       Gerald Carter

					 19 November 2002			     SMBPASSWD(5)


All times are GMT -4. The time now is 12:48 PM.

Unix & Linux Forums Content Copyrightę1993-2018. All Rights Reserved.
×
UNIX.COM Login
Username:
Password:  
Show Password





Not a Forum Member?
Forgot Password?