!==
!== ENCRYPTION.txt for Samba release 1.9.17p5 20 Dec 1997
!==
Contributor:	Jeremy Allison <samba-bugs@samba.anu.edu.au>
Updated:	1997/06/27
Note:	See also WinNT.txt

Translator:	佐藤文優 <fumiya@yk.rim.or.jp,fumiya@cij.co.jp>
Date:	1997/11/07

Subject:	LanManager / Samba Password Encryption
============================================================================

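With the development of LanManager and Windows NT compatible password
encryption for Samba, Samba can now validate user connections in
exactly the same way as a LanManager or Windows NT server.

This document describes how the SMB password encryption algorithm
works and which issues to weigh when deciding whether you need to use
it. Read it carefully, especially the part about security and the
"PROS AND CONS" section.

How does it work?
-----------------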

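LanManager encryption is somewhat similar to UNIX password encryption.
The server uses a file containing a hashed value of the user's
password. This value is created by taking the user's plaintext
password, converting it to upper case, and truncating it to the first
14 bytes (or padding it with null bytes to 14 bytes). This 14 byte
value is used as two 56 bit DES keys to encrypt a 'magic' 8 byte
value, forming a 16 byte value that is stored by the server and the
client. This value is referred to as the "hashed password".

Windows NT encryption is a higher quality mechanism that consists of
doing an MD4 hash on a Unicode version of the user's password. This
also produces a non-reversible 16 byte hash value.

When a client (LanManager, Windows for WorkGroups, Windows 95 or
Windows NT) wishes to mount a Samba drive (or use a Samba resource),
it first requests a connection and negotiates the protocol that the
client and server will use. In its reply to this request, the Samba
server generates and appends a random 8 byte value. This value is
kept in the Samba server after the reply is sent. It is known as the
"challenge".

The challenge is different for every client connection.

The client then takes the hashed password (the 16 byte value
described above), appends 5 null bytes so that it forms three 56 bit
DES keys (21 bytes in total), and uses each key to encrypt the 8 byte
challenge value. The resulting 24 byte value is known as the
"response".

In the SMB call SMBsessionsetupX (when user level security is
selected) or SMBtconX (when share level security is selected), the
client returns the 24 byte response to the Samba server. At the
Windows NT protocol level, the calculation above is done on both
hashes of the user's password, and both responses are returned in the
SMB call, giving two 24 byte values.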

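The Samba server then repeats the calculation above, using its own
stored 16 byte hashed password (read from the smbpasswd file -
described later) and the challenge value it kept from the protocol
negotiation reply. It then checks whether the 24 byte value it
calculated matches the 24 byte value returned by the client.

If the values match exactly, the client knew the correct password (or
the 16 byte hash - see the security note below) and access is
granted. If they do not match, the client did not know the correct
password and access is denied.

Note that the Samba server never knows or stores the cleartext of the
user's password, only the 16 byte hash values derived from it. Note
also that neither the cleartext password nor the 16 byte hash values
are ever transmitted over the network, which improves security.

Important note about security
-----------------------------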

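The UNIX and SMB password encryption techniques look similar on the
surface. The similarity is only superficial. The UNIX scheme
typically sends cleartext passwords over the network when logging in.
This is bad. The SMB encryption scheme never sends the cleartext
password over the network, but it does store the 16 byte hash values
on disk. This is also bad. Why? Because the 16 byte hash values are
"password equivalents". The user's password cannot be derived from
them, but a modified client could potentially use them to gain access
to the server.

This requires considerable technical knowledge on the part of the
attacker, but it is entirely feasible. You should therefore treat the
smbpasswd file as though it contained the cleartext passwords of all
your users. Its contents must be kept secret, and the file must be
protected accordingly.

Ideally we would like a password scheme that requires cleartext
passwords neither on the network nor on disk. Unfortunately this is
not available, because Samba has to remain compatible with other SMB
systems (WinNT, WfWg, Win95 and others).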


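PROS AND CONS
-------------

Both schemes have advantages and disadvantages.

Advantages of SMB encryption:
-----------------------------

- Cleartext passwords are not passed across the network. Someone
using a network sniffer cannot simply record passwords going to the
SMB server.

- WinNT does not like talking to a server that is not using SMB
encrypted passwords. In addition, if the server is in user level
security, it refuses to browse the server. It then insists on
prompting the user for the password on every connection, which is
very annoying. The only way to stop this is to use SMB encryption.

Advantages of non-encrypted passwords:
--------------------------------------

- Cleartext passwords are not kept on disk.

- The same password file is used as for other UNIX services such as
login and ftp.

- You are probably already using other services (such as telnet and
ftp) that send cleartext passwords over the network, so not sending
them for SMB does not mean that much.

Note that Windows NT 4.0 Service Pack 3 changed the default for
permitted authentication so that cleartext passwords are *never* sent
over the network. To resolve this, either switch Samba to encrypted
passwords or edit the Windows NT registry to re-enable cleartext
passwords. See the document WinNT.txt for details.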

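The smbpasswd file
------------------

For Samba to take part in the protocol above, it must be able to look
up the 16 byte hash values for a given user name. Unfortunately, the
UNIX password value is also a one-way hash function (that is, the
cleartext of the user's password cannot be recovered from the UNIX
hash of it), so a separate password file holding the 16 byte values
must be kept. To minimise problems with these two password files, the
UNIX /etc/passwd and the smbpasswd file, getting out of sync, a
utility, mksmbpasswd.sh, is provided to generate an smbpasswd file
from a UNIX /etc/passwd file.

To generate the smbpasswd file from your /etc/passwd file, use the
following command:

    cat /etc/passwd | mksmbpasswd.sh >/usr/local/samba/private/smbpasswd

If the system you are running uses NIS: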

    ypcat passwd | mksmbpasswd.sh >/usr/local/samba/private/smbpasswd

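The mksmbpasswd.sh program is found in the Samba source directory.
By default, the smbpasswd file is stored here:

    /usr/local/samba/private/smbpasswd

The owner of the /usr/local/samba/private directory should be set to
root, and its permissions should be:

    r-x------

The command:

    chmod 500 /usr/local/samba/private

does this. Likewise, the smbpasswd file inside the private directory
should be owned by root, with its permissions set to:

    rw-------

The command:

    chmod 600 smbpasswd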

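The format of the smbpasswd file is:

    username:uid:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:Long name:user home dir:user shell

Only the username, uid and XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX parts are
significant and are looked at by the Samba code.

It is vitally important that each XXX part between two ':' characters
consists of 32 'X' characters. The smbpasswd and Samba code will fail
to validate any entry that does not have 32 characters between the
':' characters. The first XXX part is for the Lanman password hash,
the second is for the Windows NT version.

When the password file is created, every user has password entries
consisting of 32 'X' characters. By default, access as such a user is
refused. When a password is set for a user, the 'X' characters change
to 32 ASCII hexadecimal digits (0-9, A-F). These are the ASCII
representation of the 16 byte hash value of the user's password.

To set a user to have no password (not recommended), edit the file
with vi and replace the first 11 characters with the ASCII text:

    NO PASSWORD

For example, to clear the password of user bob, his smbpasswd file
entry would look like this:

    bob:100:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:Bob's full name:/bobhome:/bobshell

If you allow users to set their own passwords with the smbpasswd
command, you may want to give users NO PASSWORD initially, so that
they do not have to enter a previous password when changing to their
new password (not recommended).

Note: This file must be protected very carefully. Anyone with access
to this file (and enough knowledge of the protocols) can gain access
to your SMB server. The file therefore needs even more careful
handling than a standard UNIX /etc/passwd file.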
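
An added example, not part of the original document or of Samba: a Python check of the entry states and the ownership and modes described in this section. The function names and the sample entries for alice and carol, including the hex values, are constructed for illustration.

```python
import os
import stat

X32 = "X" * 32

def classify(field):
    """Classify one of the two password fields of an smbpasswd entry."""
    if len(field) != 32:
        return "malformed"        # Samba cannot validate such an entry
    if field.startswith("NO PASSWORD"):
        return "no-password"      # account is open without a password
    if field == X32:
        return "disabled"         # as generated by mksmbpasswd.sh
    if set(field) <= set("0123456789ABCDEF"):
        return "hash"             # password-equivalent 16 byte value
    return "malformed"

def audit_entries(text):
    """Return (username, lanman_state, nt_state) for each entry."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        fields = (parts[2:4] + ["", ""])[:2]   # missing fields -> malformed
        rows.append((parts[0], classify(fields[0]), classify(fields[1])))
    return rows

def audit_modes(path):
    """Report deviations from root ownership, 500 (dir) and 600 (file)."""
    findings = []
    for target, want in ((os.path.dirname(path) or ".", 0o500), (path, 0o600)):
        st = os.stat(target)
        if stat.S_IMODE(st.st_mode) != want:
            findings.append(f"{target}: mode is not {want:03o}")
        if st.st_uid != 0:
            findings.append(f"{target}: not owned by root")
    return findings

# Constructed sample entries; the hex values are made up, not real hashes.
SAMPLE = "\n".join([
    "# SMB password file.",
    f"tridge:148:{X32}:{X32}:Andrew Tridgell:/home/tridge:/bin/tcsh",
    f"bob:100:NO PASSWORD{'X' * 21}:{X32}:Bob's full name:/bobhome:/bobshell",
    f"alice:101:{'0123456789ABCDEF' * 2}:{'FEDCBA9876543210' * 2}:Alice:/home/alice:/bin/sh",
    f"carol:102:XXXXXXXX:{X32}:Carol:/home/carol:/bin/sh",
])

if __name__ == "__main__":
    print(*audit_entries(SAMPLE), sep="\n")
```

Entries reported as no-password or malformed are the ones to review first; run audit_modes as root against the real smbpasswd path.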

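The smbpasswd command
---------------------

The smbpasswd command maintains the two 32 byte password fields in
the smbpasswd file. If you want it to behave like the UNIX passwd or
yppasswd programs, install it in /usr/local/samba/bin (or your main
Samba binary directory) and make it setuid root.

Note that if you do not do this, the root user will have to set the
passwords of all users.

To make smbpasswd setuid root, change to the directory where the
Samba binaries are installed and type the following commands (as
root):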

    chown root smbpasswd
    chmod 4555 smbpasswd

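Once smbpasswd is installed setuid root, it is used as follows.

    smbpasswd
    Old SMB password: <type the old value here - just press return if it is NO PASSWORD>
    New SMB Password: <type the new value>
    Repeat New SMB Password: <type the new value again>

If the old value does not match the current value stored for that
user, or the two new values do not match each other, the password is
not changed.

When invoked by an ordinary user, it only allows changing that user's
own Samba password.

When run by the root user, smbpasswd can be given as an argument the
name of the user whose SMB password is to be changed. Note that when
run as root, smbpasswd neither prompts for nor checks the old
password value. This makes it possible to set a password for users
who have forgotten theirs.

smbpasswd is designed to work in the same way as, and to feel
familiar to UNIX users of, the passwd and yppasswd commands.

Note: Because smbpasswd is designed to be installed setuid root, I
would appreciate it if everyone examined the source code for
potential security flaws. A setuid program that is not written
properly becomes an open door for a system cracker. Please help keep
this program secure by reporting all problems to me (the author,
Jeremy Allison).

My email address: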

    jallison@whistle.com

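Setting up Samba to support LanManager encryption
-------------------------------------------------

The following is a very brief description of how to set up Samba to
support password encryption. More will probably be added later.

1) Get and compile the libdes library.
It is available at ftp://samba.anu.edu.au/pub/libdes/.

2) Enable the encryption section of the Samba makefile, and make sure
it points to the libdes library and its include file (des.h is
required). The entries you need to uncomment are the lines that
follow a comment like this:

    # This is for SMB encrypted (lanman) passwords.

Note that the variable DES_BASE must be changed to point to the place
where you installed the DES library.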

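3) Compile and install Samba as usual.

4) If your system cannot compile the getsmbpass.c module, remove
-DSMBGETPASS from the Makefile.

5) To enable encrypted passwords, add the line
"encrypt passwords = yes" to the [global] section of smb.conf.

6) Create the initial smbpasswd password file in the place you
specified in the Makefile. A simple way to do this, based on your
existing Makefile (assuming it is in a standard format), is: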

    cat /etc/passwd | mksmbpasswd.sh > /usr/local/samba/private/smbpasswd

Change the ownership of private and smbpasswd to root.

    chown -R root /usr/local/samba/private

Set the correct permissions on /usr/local/samba/private.

    chmod 500 /usr/local/samba/private

Set the correct permissions on /usr/local/samba/private/smbpasswd.

    chmod 600 /usr/local/samba/private/smbpasswd

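Remember that the mksmbpasswd.sh script is in the Samba source
directory.

If mksmbpasswd.sh fails, remember that you need entries that look
like this:

    # SMB password file.
    tridge:148:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:Andrew Tridgell:/home/tridge:/bin/tcsh

Note that the user name and uid must be correct. Also, get the number
of X's right (there must be 32).

If you wish, install the smbpasswd program setuid root.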

    chown root /usr/local/samba/bin/smbpasswd
    chmod 4555 /usr/local/samba/bin/smbpasswd

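7) Set passwords for the users with the smbpasswd command. For
example, as root you can run "smbpasswd tridge".

8) Try it out!

Note that smbclient also supports encryption, so you can test with
smbclient.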

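Note to USA sites that mirror Samba
-----------------------------------

The DES library is considered a munition in the USA. Under US law it
is illegal to export this software or to place it on a freely
accessible ftp site.

Please do not mirror the libdes library from the samba.anu.edu.au
site.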

Thank you,

Jeremy Allison.

==============================================================================
Note: See also WinNT.txt
