4 >LanMan and NT Password Encryption in Samba 2.x</TITLE
7 CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
23 >LanMan and NT Password Encryption in Samba 2.x</A
35 >With the development of LanManager and Windows NT
36 compatible password encryption for Samba, it is now able
37 to validate user connections in exactly the same way as
38 a LanManager or Windows NT server.</P
40 >This document describes how the SMB password encryption
41 algorithm works and what issues there are in choosing whether
42 you want to use it. You should read it carefully, especially
43 the part about security and the "PROS and CONS" section.</P
54 >LanManager encryption is somewhat similar to UNIX
55 password encryption. The server uses a file containing a
56 hashed value of a user's password. This is created by taking
57 the user's plaintext password, capitalising it, and either
58 truncating to 14 bytes or padding to 14 bytes with null bytes.
59 This 14 byte value is used as two 56 bit DES keys to encrypt
60 a 'magic' eight byte value, forming a 16 byte value which is
61 stored by the server and client. Let this value be known as
62 the "hashed password".</P
64 >Windows NT encryption is a higher quality mechanism,
65 consisting of doing an MD4 hash on a Unicode version of the user's
66 password. This also produces a 16 byte hash value that is
69 >When a client (LanManager, Windows for WorkGroups, Windows
70 95 or Windows NT) wishes to mount a Samba drive (or use a Samba
71 resource), it first requests a connection and negotiates the
72 protocol that the client and server will use. In the reply to this
73 request the Samba server generates and appends an 8 byte, random
74 value - this is stored in the Samba server after the reply is sent
75 and is known as the "challenge". The challenge is different for
76 every client connection.</P
78 >The client then uses the hashed password (16 byte values
79 described above), appended with 5 null bytes, as three 56 bit
80 DES keys, each of which is used to encrypt the challenge 8 byte
81 value, forming a 24 byte value known as the "response".</P
83 >In the SMB call SMBsessionsetupX (when user level security
84 is selected) or the call SMBtconX (when share level security is
85 selected), the 24 byte response is returned by the client to the
86 Samba server. For Windows NT protocol levels the above calculation
87 is done on both hashes of the user's password and both responses are
88 returned in the SMB call, giving two 24 byte values.</P
90 >The Samba server then reproduces the above calculation, using
91 its own stored value of the 16 byte hashed password (read from the
95 > file - described later) and the challenge
96 value that it kept from the negotiate protocol reply. It then checks
97 to see if the 24 byte value it calculates matches the 24 byte value
98 returned to it from the client.</P
100 >If these values match exactly, then the client knew the
101 correct password (or the 16 byte hashed value - see security note
102 below) and is thus allowed access. If not, then the client did not
103 know the correct password and is denied access.</P
105 >Note that the Samba server never knows or stores the cleartext
106 of the user's password - just the 16 byte hashed values derived from
107 it. Also note that the cleartext password or 16 byte hashed values
108 are never transmitted over the network - thus increasing security.</P
116 >Important Notes About Security</A
119 >The unix and SMB password encryption techniques seem similar
120 on the surface. This similarity is, however, only skin deep. The unix
121 scheme typically sends clear text passwords over the network when
122 logging in. This is bad. The SMB encryption scheme never sends the
123 cleartext password over the network but it does store the 16 byte
124 hashed values on disk. This is also bad. Why? Because the 16 byte hashed
125 values are a "password equivalent". You cannot derive the user's
126 password from them, but they could potentially be used in a modified
127 client to gain access to a server. This would require considerable
128 technical knowledge on behalf of the attacker but is perfectly possible.
129 You should thus treat the smbpasswd file as though it contained the
130 cleartext passwords of all your users. Its contents must be kept
131 secret, and the file should be protected accordingly.</P
133 >Ideally we would like a password scheme which neither requires
134 plain text passwords on the net or on disk. Unfortunately this
135 is not available as Samba is stuck with being compatible with
136 other SMB systems (WinNT, WfWg, Win95 etc). </P
156 >Note that Windows NT 4.0 Service pack 3 changed the
157 default for permissible authentication so that plaintext
161 > sent over the wire.
162 The solution to this is either to switch to encrypted passwords
163 with Samba or edit the Windows NT registry to re-enable plaintext
164 passwords. See the document WinNT.txt for details on how to do
167 >Other Microsoft operating systems which also exhibit
168 this behavior includes</P
174 >MS DOS Network client 3.0 with
175 the basic network redirector installed</P
179 >Windows 95 with the network redirector
195 >All current release of
196 Microsoft SMB/CIFS clients support authentication via the
197 SMB Challenge/Response mechanism described here. Enabling
198 clear text authentication does not disable the ability
199 of the client to participate in encrypted authentication.</P
210 >Advantages of SMB Encryption</A
217 >plain text passwords are not passed across
218 the network. Someone using a network sniffer cannot just
219 record passwords going to the SMB server.</P
223 >WinNT doesn't like talking to a server
224 that isn't using SMB encrypted passwords. It will refuse
225 to browse the server if the server is also in user level
226 security mode. It will insist on prompting the user for the
227 password on each connection, which is very annoying. The
228 only things you can do to stop this is to use SMB encryption.
239 >Advantages of non-encrypted passwords</A
246 >plain text passwords are not kept
251 >uses same password file as other unix
252 services such as login and ftp</P
256 >you are probably already using other
257 services (such as telnet and ftp) which send plain text
258 passwords over the net, so sending them for SMB isn't
271 NAME="SMBPASSWDFILEFORMAT"
273 >The smbpasswd file</A
276 >In order for Samba to participate in the above protocol
277 it must be able to look up the 16 byte hashed values given a user name.
278 Unfortunately, as the UNIX password value is also a one way hash
279 function (ie. it is impossible to retrieve the cleartext of the user's
280 password given the UNIX hash of it), a separate password file
281 containing this 16 byte value must be kept. To minimise problems with
282 these two password files, getting out of sync, the UNIX <TT
292 >, is provided to generate
293 a smbpasswd file from a UNIX <TT
299 >To generate the smbpasswd file from your <TT
303 > file use the following command :</P
311 >cat /etc/passwd | mksmbpasswd.sh
312 > /usr/local/samba/private/smbpasswd</B
316 >If you are running on a system that uses NIS, use</P
324 >ypcat passwd | mksmbpasswd.sh
325 > /usr/local/samba/private/smbpasswd</B
332 > program is found in
333 the Samba source directory. By default, the smbpasswd file is
338 >/usr/local/samba/private/smbpasswd</TT
341 >The owner of the <TT
343 >/usr/local/samba/private/</TT
345 directory should be set to root, and the permissions on it should
348 >chmod 500 /usr/local/samba/private</B
352 >Likewise, the smbpasswd file inside the private directory should
353 be owned by root and the permissions on is should be set to 0600
356 >chmod 600 smbpasswd</B
359 >The format of the smbpasswd file is (The line has been
360 wrapped here. It should appear as one entry per line in
361 your smbpasswd file.)</P
364 CLASS="PROGRAMLISTING"
365 >username:uid:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:
366 [Account type]:LCT-<last-change-time>:Long name
370 >Although only the <TT
384 > XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</I
395 > last-change-time</I
397 > sections are significant
398 and are looked at in the Samba code.</P
403 > important that there by 32
404 'X' characters between the two ':' characters in the XXX sections -
405 the smbpasswd and Samba code will fail to validate any entries that
406 do not have 32 characters between ':' characters. The first XXX
407 section is for the Lanman password hash, the second is for the
408 Windows NT version.</P
410 >When the password file is created all users have password entries
411 consisting of 32 'X' characters. By default this disallows any access
412 as this user. When a user has a password set, the 'X' characters change
413 to 32 ascii hexadecimal digits (0-9, A-F). These are an ascii
414 representation of the 16 byte hashed value of a user's password.</P
416 >To set a user to have no password (not recommended), edit the file
417 using vi, and replace the first 11 characters with the ascii text
421 > (minus the quotes).</P
423 >For example, to clear the password for user bob, his smbpasswd file
424 entry would look like :</P
427 CLASS="PROGRAMLISTING"
428 > bob:100:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:Bob's full name:/bobhome:/bobshell
432 >If you are allowing users to use the smbpasswd command to set
433 their own passwords, you may want to give users NO PASSWORD initially
434 so they do not have to enter a previous password when changing to their
435 new password (not recommended). In order for you to allow this the
439 > program must be able to connect to the
443 > daemon as that user with no password. Enable this
444 by adding the line :</P
448 >null passwords = yes</B
451 >to the [global] section of the smb.conf file (this is why
452 the above scenario is not recommended). Preferably, allocate your
453 users a default password to begin with, so you do not have
454 to enable this on your server.</P
459 >This file should be protected very
460 carefully. Anyone with access to this file can (with enough knowledge of
461 the protocols) gain access to your SMB server. The file is thus more
462 sensitive than a normal unix <TT
473 >The smbpasswd Command</A
476 >The smbpasswd command maintains the two 32 byte password fields
477 in the smbpasswd file. If you wish to make it similar to the unix
487 >/usr/local/samba/bin/</TT
489 main Samba binary directory).</P
491 >Note that as of Samba 1.9.18p4 this program <I
495 > setuid root (the new <B
499 code enforces this restriction so it cannot be run this way by
505 > now works in a client-server mode
506 where it contacts the local smbd to change the user's password on its
507 behalf. This has enormous benefits - as follows.</P
513 >smbpasswd no longer has to be setuid root -
514 an enormous range of potential security problems is
522 > now has the capability
523 to change passwords on Windows NT servers (this only works when
524 the request is sent to the NT Primary Domain Controller if you
525 are changing an NT Domain user's password).</P
529 >To run smbpasswd as a normal user just type :</P
543 >Old SMB password: </TT
547 ><type old value here -
548 or hit return if there was no old password></B
554 >New SMB Password: </TT
558 ><type new value>
565 >Repeat New SMB Password: </TT
569 ><re-type new value
574 >If the old value does not match the current value stored for
575 that user, or the two new values do not match each other, then the
576 password will not be changed.</P
578 >If invoked by an ordinary user it will only allow the user
579 to change his or her own Samba password.</P
581 >If run by the root user smbpasswd may take an optional
582 argument, specifying the user name whose SMB password you wish to
583 change. Note that when run as root smbpasswd does not prompt for
584 or check the old password value, thus allowing root to set passwords
585 for users who have forgotten their passwords.</P
590 > is designed to work in the same way
591 and be familiar to UNIX users who use the <B
600 >For more details on using <B
604 to the man page which will always be the definitive reference.</P
612 >Setting up Samba to support LanManager Encryption</A
615 >This is a very brief description on how to setup samba to
616 support password encryption. </P
623 >compile and install samba as usual</P
627 >enable encrypted passwords in <TT
630 > by adding the line <B
634 > in the [global] section</P
638 >create the initial <TT
642 password file in the place you specified in the Makefile
643 (--prefix=<dir>). See the notes under the <A
644 HREF="#SMBPASSWDFILEFORMAT"
645 >The smbpasswd File</A
647 section earlier in the document for details.</P
651 >Note that you can test things using smbclient.</P
git.samba.org / kai / samba.git / blob