mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
8d0d99a4d7
This feature is only available for SMB1 and we need to warn users that this is going away soon, and allow the removal in a future release under our rules for parameter deprecation. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
48 lines
2.3 KiB
XML
48 lines
2.3 KiB
XML
<samba:parameter name="encrypt passwords"
|
|
context="G"
|
|
type="boolean"
|
|
deprecated="1"
|
|
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
|
<description>
|
|
<para>This parameter has been deprecated since Samba 4.11 and
|
|
support for plaintext (as distinct from NTLM, NTLMv2
|
|
or Kerberos authentication)
|
|
will be removed in a future Samba release.</para>
|
|
<para>That is, in the future, the current default of
|
|
<command>encrypt passwords = yes</command>
|
|
will be the enforced behaviour.</para>
|
|
<para>This boolean controls whether encrypted passwords
|
|
will be negotiated with the client. Note that Windows NT 4.0 SP3 and
|
|
above and also Windows 98 will by default expect encrypted passwords
|
|
unless a registry entry is changed. To use encrypted passwords in
|
|
Samba see the chapter "User Database" in the Samba HOWTO Collection.
|
|
</para>
|
|
|
|
<para>
|
|
MS Windows clients that expect Microsoft encrypted passwords and that
|
|
do not have plain text password support enabled will be able to
|
|
connect only to a Samba server that has encrypted password support
|
|
enabled and for which the user accounts have a valid encrypted password.
|
|
Refer to the smbpasswd command man page for information regarding the
|
|
creation of encrypted passwords for user accounts.
|
|
</para>
|
|
|
|
<para>
|
|
The use of plain text passwords is NOT advised as support for this feature
|
|
is no longer maintained in Microsoft Windows products. If you want to use
|
|
plain text passwords you must set this parameter to no.
|
|
</para>
|
|
|
|
<para>In order for encrypted passwords to work correctly
|
|
<citerefentry><refentrytitle>smbd</refentrytitle>
|
|
<manvolnum>8</manvolnum></citerefentry> must either
|
|
have access to a local <citerefentry><refentrytitle>smbpasswd</refentrytitle>
|
|
<manvolnum>5</manvolnum></citerefentry> file (see the <citerefentry><refentrytitle>smbpasswd</refentrytitle>
|
|
<manvolnum>8</manvolnum></citerefentry> program for information on how to set up
|
|
and maintain this file), or set the <smbconfoption name="security">[domain|ads]</smbconfoption> parameter which
|
|
causes <command moreinfo="none">smbd</command> to authenticate against another
|
|
server.</para>
|
|
</description>
|
|
<value type="default">yes</value>
|
|
</samba:parameter>
|