smbpasswd man page on BSDOS

Man page or keyword search:  
man Server   6284 pages
apropos Keyword Search (all sections)
Output format
BSDOS logo
[printable version]



SMBPASSWD(5)					     SMBPASSWD(5)

NAME
       smbpasswd - The Samba encrypted password file

SYNOPSIS
       smbpasswd

DESCRIPTION
       This tool is part of the	 Sambasuite.

       smbpasswd  is  the  Samba encrypted password file. It con-
       tains the username, Unix user id and the SMB hashed  pass-
       words of the user, as well as account flag information and
       the time the password was last changed. This  file  format
       has been evolving with Samba and has had several different
       formats in the past.

FILE FORMAT
       The format of the smbpasswd file used by Samba 2.2 is very
       similar	to  the	 familiar  Unix	 passwd(5) file. It is an
       ASCII file containing one line for each user.  Each  field
       ithin each line is separated from the next by a colon. Any
       entry beginning with '#' is ignored.  The  smbpasswd  file
       contains the following information for each user:

       name   This  is	the  user  name.  It  must be a name that
	      already exists in the standard UNIX passwd file.

       uid    This is the UNIX uid. It must match the  uid  field
	      for the same user entry in the standard UNIX passwd
	      file.  If this  does  not	 match	then  Samba  will
	      refuse  to  recognize  this smbpasswd file entry as
	      being valid for a user.

       Lanman Password Hash
	      This is the LANMAN hash  of  the	user's	password,
	      encoded  as  32 hex digits. The LANMAN hash is cre-
	      ated by DES encrypting a well known string with the
	      user's  password	as  the DES key. This is the same
	      password used by Windows 95/98 machines.	Note that
	      this  password  hash  is	regarded as weak as it is
	      vulnerable to dictionary attacks and if  two  users
	      choose the same password this entry will be identi-
	      cal (i.e. the password is not "salted" as the  UNIX
	      password	is). If the user has a null password this
	      field will contain the characters "NO PASSWORD"  as
	      the  start  of the hex string. If the hex string is
	      equal to 32 'X' characters then the user's  account
	      is marked as disabled and the user will not be able
	      to log onto the Samba server.

	      WARNING !! Note that, due to the challenge-response
	      nature  of  the  SMB/CIFS	 authentication protocol,
	      anyone with a knowledge of this password hash  will
	      be able to impersonate the user on the network. For

			   09 July 2001				1

SMBPASSWD(5)					     SMBPASSWD(5)

	      this reason these hashes are known  as  plain  text
	      equivalents  and must NOT be made available to any-
	      one but the root user. To protect	 these	passwords
	      the  smbpasswd  file  is placed in a directory with
	      read and traverse access only to the root user  and
	      the  smbpasswd  file  itself  must  be  set  to  be
	      read/write only by root, with no other access.

       NT Password Hash
	      This is the Windows NT hash of the user's password,
	      encoded  as  32  hex digits. The Windows NT hash is
	      created by taking the  user's  password  as  repre-
	      sented  in  16-bit,  little-endian UNICODE and then
	      applying the MD4 (internet rfc1321)  hashing  algo-
	      rithm to it.

	      This  password  hash is considered more secure than
	      the LANMAN Password Hash as it preserves	the  case
	      of  the  password	 and  uses  a much higher quality
	      hashing algorithm.  However, it is still	the  case
	      that  if	two  users  choose the same password this
	      entry will be identical (i.e. the password  is  not
	      "salted" as the UNIX password is).

	      WARNING  !!.  Note  that,	 due  to  the  challenge-
	      response nature of the SMB/CIFS authentication pro-
	      tocol,  anyone  with  a  knowledge of this password
	      hash will be able to impersonate the  user  on  the
	      network.	For this reason these hashes are known as
	      plain text equivalents and must NOT be made  avail-
	      able  to anyone but the root user. To protect these
	      passwords the smbpasswd file is placed in a  direc-
	      tory with read and traverse access only to the root
	      user and the smbpasswd file itself must be  set  to
	      be read/write only by root, with no other access.

       Account Flags
	      This  section  contains  flags  that  describe  the
	      attributes of the users account. In the  Samba  2.2
	      release  this  field  is	bracketed  by '[' and ']'
	      characters and is always 13  characters  in  length
	      (including  the  '[' and ']' characters).	 The con-
	      tents of this field may be any of the characters.

	      o U - This means this is a "User" account, i.e.  an
		ordinary  user.	 Only  User and Workstation Trust
		accounts are currently supported in the smbpasswd
		file.

	      o N  -  This means the account has no password (the
		passwords in the fields LANMAN Password Hash  and
		NT  Password  Hash  are	 ignored). Note that this
		will only allow users to log on with no	 password
		if  the	  null	passwords parameter is set in the

			   09 July 2001				2

SMBPASSWD(5)					     SMBPASSWD(5)

		smb.conf(5) config file.

	      o D - This means the account  is	disabled  and  no
		SMB/CIFS logins will be allowed for this user.

	      o W  -  This  means  this account is a "Workstation
		Trust" account. This kind of account is	 used  in
		the  Samba  PDC	 code  stream to allow Windows NT
		Workstations and Servers to join a Domain  hosted
		by a Samba PDC.

       Other  flags  may  be  added  as	 the  code is extended in
       future.	The rest of this field space is	 filled	 in  with
       spaces.

       Last Change Time
	      This  field  consists  of	 the time the account was
	      last modified. It consists of the characters 'LCT-'
	      (standing	 for  "Last  Change  Time") followed by a
	      numeric encoding of the UNIX time in seconds  since
	      the epoch (1970) that the last change was made.

       All other colon separated fields are ignored at this time.

VERSION
       This man page is correct for  version  2.2  of  the  Samba
       suite.

SEE ALSO
       smbpasswd(8),  samba(7),	 and  the  Internet  RFC1321  for
       details on the MD4 algorithm.

AUTHOR
       The original Samba software  and	 related  utilities  were
       created	by Andrew Tridgell. Samba is now developed by the
       Samba Team as an Open Source project similar  to	 the  way
       the Linux kernel is developed.

       The  original  Samba  man pages were written by Karl Auer.
       The  man	 page  sources	were  converted	 to  YODL  format
       (another	 excellent  piece of Open Source software, avail-
       able	     at		  ftp://ftp.icce.rug.nl/pub/unix/
       <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the
       Samba 2.0 release by Jeremy  Allison.  The  conversion  to
       DocBook for Samba 2.2 was done by Gerald Carter

			   09 July 2001				3

[top]
                             _         _         _ 
                            | |       | |       | |     
                            | |       | |       | |     
                         __ | | __ __ | | __ __ | | __  
                         \ \| |/ / \ \| |/ / \ \| |/ /  
                          \ \ / /   \ \ / /   \ \ / /   
                           \   /     \   /     \   /    
                            \_/       \_/       \_/ 
More information is available in HTML format for server BSDOS

List of man pages available for BSDOS

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net