Penguin
Recent Changes
Blame: smbpasswd(5)
EditPageHistoryDiffInfoLikePages
Annotated edit history of smbpasswd(5) version 1, including all changes. View license author blame.
Rev Author # Line
1 perry 1 SMBPASSWD
2 !!!SMBPASSWD
3 NAME
4 SYNOPSIS
5 DESCRIPTION
6 FILE FORMAT
7 VERSION
8 SEE ALSO
9 AUTHOR
10 ----
11 !!NAME
12
13
14 smbpasswd - The Samba encrypted password file
15 !!SYNOPSIS
16
17
18 ''smbpasswd''
19 !!DESCRIPTION
20
21
22 This tool is part of the Sambasuite.
23
24
25 smbpasswd is the Samba encrypted password file. It contains
26 the username, Unix user id and the SMB hashed passwords of
27 the user, as well as account flag information and the time
28 the password was last changed. This file format has been
29 evolving with Samba and has had several different formats in
30 the past.
31 !!FILE FORMAT
32
33
34 The format of the smbpasswd file used by Samba 2.2 is very
35 similar to the familiar Unix ''passwd(5)'' file. It is an
36 ASCII file containing one line for each user. Each field
37 ithin each line is separated from the next by a colon. Any
38 entry beginning with '#' is ignored. The smbpasswd file
39 contains the following information for each
40 user:
41
42
43 __name__
44
45
46 This is the user name. It must be a name that already exists
47 in the standard UNIX passwd file.
48
49
50 __uid__
51
52
53 This is the UNIX uid. It must match the uid field for the
54 same user entry in the standard UNIX passwd file. If this
55 does not match then Samba will refuse to recognize this
56 smbpasswd file entry as being valid for a user.
57
58
59 __Lanman Password Hash__
60
61
62 This is the LANMAN hash of the user's password, encoded as
63 32 hex digits. The LANMAN hash is created by DES encrypting
64 a well known string with the user's password as the DES key.
65 This is the same password used by Windows 95/98 machines.
66 Note that this password hash is regarded as weak as it is
67 vulnerable to dictionary attacks and if two users choose the
68 same password this entry will be identical (i.e. the
69 password is not
70
71
72 __WARNING !!__ Note that, due to the challenge-response
73 nature of the SMB/CIFS authentication protocol, anyone with
74 a knowledge of this password hash will be able to
75 impersonate the user on the network. For this reason these
76 hashes are known as __plain text equivalents__ and must
77 __NOT__ be made available to anyone but the root user. To
78 protect these passwords the smbpasswd file is placed in a
79 directory with read and traverse access only to the root
80 user and the smbpasswd file itself must be set to be
81 read/write only by root, with no other access.
82
83
84 __NT Password Hash__
85
86
87 This is the Windows NT hash of the user's password, encoded
88 as 32 hex digits. The Windows NT hash is created by taking
89 the user's password as represented in 16-bit, little-endian
90 UNICODE and then applying the MD4 (internet rfc1321) hashing
91 algorithm to it.
92
93
94 This password hash is considered more secure than the LANMAN
95 Password Hash as it preserves the case of the password and
96 uses a much higher quality hashing algorithm. However, it is
97 still the case that if two users choose the same password
98 this entry will be identical (i.e. the password is not
99
100
101 __WARNING !!__. Note that, due to the challenge-response
102 nature of the SMB/CIFS authentication protocol, anyone with
103 a knowledge of this password hash will be able to
104 impersonate the user on the network. For this reason these
105 hashes are known as __plain text equivalents__ and must
106 __NOT__ be made available to anyone but the root user. To
107 protect these passwords the smbpasswd file is placed in a
108 directory with read and traverse access only to the root
109 user and the smbpasswd file itself must be set to be
110 read/write only by root, with no other access.
111
112
113 __Account Flags__
114
115
116 This section contains flags that describe the attributes of
117 the users account. In the Samba 2.2 release this field is
118 bracketed by '[[' and ']' characters and is always 13
119 characters in length (including the '[[' and ']' characters).
120 The contents of this field may be any of the
121 characters.
122
123
124 __U__ - This means this is a
125 __
126
127
128 __N__ - This means the account has no password (the
129 passwords in the fields LANMAN Password Hash and NT Password
130 Hash are ignored). Note that this will only allow users to
131 log on with no password if the ''null passwords''
132 parameter is set in the ''smb.conf(5)'' config
133 file.
134
135
136 __D__ - This means the account is disabled and no
137 SMB/CIFS logins will be allowed for this user.
138
139
140 __W__ - This means this account is a
141 __
142
143
144 Other flags may be added as the code is extended in future.
145 The rest of this field space is filled in with
146 spaces.
147
148
149 __Last Change Time__
150
151
152 This field consists of the time the account was last
153 modified. It consists of the characters 'LCT-' (standing for
154
155
156 All other colon separated fields are ignored at this
157 time.
158 !!VERSION
159
160
161 This man page is correct for version 2.2 of the Samba
162 suite.
163 !!SEE ALSO
164
165
166 __smbpasswd(8)__, samba(7), and the Internet RFC1321 for
167 details on the MD4 algorithm.
168 !!AUTHOR
169
170
171 The original Samba software and related utilities were
172 created by Andrew Tridgell. Samba is now developed by the
173 Samba Team as an Open Source project similar to the way the
174 Linux kernel is developed.
175
176
177 The original Samba man pages were written by Karl Auer. The
178 man page sources were converted to YODL format (another
179 excellent piece of Open Source software, available at
180 ftp://ftp.icce.rug.nl/pub/unix/
181 ----
This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.