What is the difference between sambaLMPassword and sambaNTPassword?

While configuring a Linux server with Samba and LDAP support I came across these two fields. What's the difference between them?

At the moment, the server is only using Samba to share each user's home directory through the network, authenticating users each time they connect. Are both fields used in this authentication?


Basically this:

  • The LM Hash is computed using the DES() algorithm. The computation is fairly simple. The input is the password, in OEM Charset (8-bit) encoding, converted to upper case. In most cases that's just the upper-case of an ASCII string.

  • The NT Hash is just the MD4() of the password. In this case, however, the password must be in Unicode (UCS2LE encoding).

(A bit) More info is here: http://ubiqx.org/cifs/SMB.html#SMB.8

EDIT: For details you may want to ask on http://stackoverflow.com; the details on how to implement this are probably more related to programming than system administration.


I agree with Server Horror, but you should be aware that the LM hash isn't needed for anything newer than Windows 95, and as "rainbow tables" for them are available (a rainbow table is a complete reverse list for a hash, i.e., for any hash here's the password) it should be disabled for security.

To disable on MS systems: http://support.microsoft.com/kb/299656

On Samba it's the "lanman auth" setting, which, according to the man page, is disabled by default in current Samba.