!==
!== ENCRYPTION.txt for Samba release 1.9.18p8 13 Jun 1998
!==
Contributor:	Jeremy Allison <samba-bugs@samba.anu.edu.au>
Updated:	1998/03/19
Note:		See also WinNT.txt

Translator:	SATOH Fumiyasu <fumiya@cij.co.jp>
Date:		1998/06/11

Subject:	LanManager / Samba Password Encryption
============================================================================

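With the development of LanManager and Windows NT compatible password
encryption for Samba, Samba is now able to validate user connections in
exactly the same way as a LanManager or Windows NT server.

This document describes how the SMB password encryption algorithm works
and what issues there are in choosing whether you want to use it. You
should read it carefully, especially the part about security and the
"PROS AND CONS" section.

How does it work?
-----------------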

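LanManager encryption is somewhat similar to UNIX password encryption.
The server uses a file containing a hashed value of a user's password.
This value is created by taking the user's plaintext password,
capitalising it, and truncating it to the first 14 bytes (or padding it
with null bytes up to 14 bytes). This 14 byte value is used as two
56 bit DES keys to encrypt a "magic" 8 byte value, forming a 16 byte
value which is stored by the server and the client. This value is
called the "hashed password".

Windows NT encryption is a higher quality mechanism, consisting of an
MD4 hash of the Unicode version of the user's password. It also
produces a 16 byte hash value that is non-reversible.

When a client (LanManager, Windows for WorkGroups, Windows 95 or
Windows NT) wishes to mount a Samba drive (or use a Samba resource), it
first requests a connection and negotiates the protocol that the client
and server will use. In the reply to this request the Samba server
generates and appends an 8 byte random value. This value is stored in
the Samba server after the reply is sent, and is known as the
"challenge".

The challenge is different for every client connection.

The client then takes the hashed password (the 16 byte value described
above), appends 5 null bytes to it so that it forms three 56 bit DES
keys (21 bytes in total), and uses each key to encrypt the 8 byte
challenge value. The resulting 24 byte value is known as the
"response".

In the SMB call SMBsessionsetupX (when user level security is selected)
or the call SMBtconX (when share level security is selected), the
24 byte response is returned by the client to the Samba server. For
Windows NT protocol levels, the above calculation is done on both
hashes of the user's password and both responses are returned in the
SMB call, giving two 24 byte values.

The Samba server then reproduces the above calculation, using its own
stored value of the 16 byte hashed password (read from the smbpasswd
file, described later) and the challenge value that it kept from the
negotiate protocol reply. It then checks whether the 24 byte value it
calculates matches the 24 byte value returned to it by the client.

If these values match exactly, then the client knew the correct
password (or the 16 byte hashed value - see the security note below)
and is allowed access. If they do not match, the client did not know
the correct password and is denied access.

Note that the Samba server never knows or stores the cleartext of the
user's password, only the 16 byte hashed values derived from it. Also
note that neither the cleartext password nor the 16 byte hashed values
are ever transmitted over the network, which increases security.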
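
The key handling described above, as an added example (not part of the
original document or of Samba's code). It derives only the DES key
material for the LanManager hash and for the 24 byte response and leaves
out the DES encryption itself; the function names are hypothetical and
passwords are assumed to be plain ASCII.

```python
# Added illustration: key material only, the DES encryption step is omitted.
# Function names are hypothetical; passwords are assumed to be plain ASCII.

def expand_des_key(seven):
    """Spread 56 key bits over 8 bytes, 7 bits per byte (low bit is parity, unused)."""
    if len(seven) != 7:
        raise ValueError("a 56 bit DES key needs exactly 7 bytes")
    bits = int.from_bytes(seven, "big")
    return bytes(((bits >> (49 - 7 * i)) & 0x7F) << 1 for i in range(8))


def lm_hash_keys(password):
    """Two DES keys for the LanManager hash: upper-case, cut or null-pad to 14 bytes."""
    raw = password.upper().encode("ascii")[:14].ljust(14, b"\0")
    return [expand_des_key(raw[i:i + 7]) for i in (0, 7)]


def response_keys(hashed):
    """Three DES keys for the response: 16 byte hash plus 5 null bytes = 21 bytes."""
    if len(hashed) != 16:
        raise ValueError("hashed password must be 16 bytes")
    padded = hashed + b"\0" * 5
    return [expand_des_key(padded[i:i + 7]) for i in (0, 7, 14)]


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for pw in ("Secret", "SECRET", "a-long-passphrase-1", "A-LONG-PASSPHRASE-2"):
        print(pw.ljust(22), [k.hex() for k in lm_hash_keys(pw)])
    # Constructed 16 byte value standing in for a hashed password.
    sample_hash = bytes(range(16))
    print([k.hex() for k in response_keys(sample_hash)])
```

Passwords that differ only in letter case or beyond the 14th byte yield
the same keys, and the third response key contains only the last two
bytes of the hashed password followed by nulls.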

Important note about security
-----------------------------

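The UNIX and SMB password encryption techniques seem similar on the
surface. This similarity is, however, only skin deep. The UNIX scheme
typically sends cleartext passwords over the network when logging in.
This is bad. The SMB encryption scheme never sends the cleartext
password over the network, but it does store the 16 byte hashed values
on disk. This is also bad. Why? Because the 16 byte hashed values are a
"password equivalent". You cannot derive the user's password from them,
but they could potentially be used in a modified client to gain access
to a server.

This would require considerable technical knowledge on the part of the
attacker, but is perfectly possible. You should thus treat the
smbpasswd file as though it contained the cleartext passwords of all
your users. Its contents must be kept secret, and the file should be
protected accordingly.

Ideally we would like a password scheme which requires plaintext
passwords neither on the network nor on disk. Unfortunately this is not
available, as Samba is stuck with being compatible with other SMB
systems (WinNT, WfWg, Win95 etc).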


PROS AND CONS
-------------

There are advantages and disadvantages to both schemes.

Advantages of SMB encryption:
-----------------------------

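- Plaintext passwords are not passed across the network. Someone using
a network sniffer cannot just record passwords going to the SMB server.

- WinNT does not like talking to a server that is not using SMB
encrypted passwords. In addition, if the server is in user level
security mode, it will refuse to browse the server. It will then insist
on prompting the user for the password on each connection, which is
very annoying. The only way to stop this is to use SMB encryption.

Advantages of non-encrypted passwords:
--------------------------------------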

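- Plaintext passwords are not kept on disk.

- The same password file can be used as for other UNIX services such as
login and ftp.

- You are probably already using other services (such as telnet and
ftp) which send plaintext passwords over the network, so not sending
them for SMB is not such a big deal.

Note that Windows NT 4.0 Service Pack 3 changed the default for
permissible authentication so that plaintext passwords are *never* sent
over the network. The solution to this is either to switch Samba to
encrypted passwords or to edit the Windows NT registry to re-enable
plaintext passwords. See the document WinNT.txt for details.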

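The smbpasswd file
------------------

In order for Samba to participate in the above protocol, it must be
able to look up the 16 byte hashed value given a user name.
Unfortunately, as the UNIX password value is also the output of a one
way hash function (that is, it is impossible to retrieve the cleartext
of the user's password given the UNIX hash of it), a separate password
file containing this 16 byte value must be kept. To minimise the
problems of these two password files, the UNIX /etc/passwd and the
smbpasswd file, getting out of sync, a utility, mksmbpasswd.sh, is
provided to generate an smbpasswd file from a UNIX /etc/passwd file.

To generate the smbpasswd file from your /etc/passwd file, use the
following command:

    cat /etc/passwd | mksmbpasswd.sh >/usr/local/samba/private/smbpasswd

If you are running on a system that uses NIS, use:

    ypcat passwd | mksmbpasswd.sh >/usr/local/samba/private/smbpasswd

The mksmbpasswd.sh program is found in the Samba source directory.
By default, the smbpasswd file is stored in:

    /usr/local/samba/private/smbpasswd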

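The owner of the /usr/local/samba/private directory should be set to
root, and the permissions on it should be set to:

    r-x------

The command:

    chmod 500 /usr/local/samba/private

will do this. Likewise, the smbpasswd file inside the private directory
should be owned by root, and its permissions should be set to:

    rw-------

The command:

    chmod 600 smbpasswd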

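The format of the smbpasswd file is:

    username:uid:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:Long name:user home dir:user shell

Only the username, uid and XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX sections are
significant and are looked at in the Samba code.

It is vitally important that there are 32 'X' characters between the
two ':' characters in each XXX section. The smbpasswd and Samba code
will fail to validate any entry that does not have 32 characters
between the ':' characters. The first XXX section is for the Lanman
password hash, the second is for the Windows NT version.

When the password file is created, all users have password entries
consisting of 32 'X' characters. By default this disallows any access
as that user. When a user has a password set, the 'X' characters change
to 32 ASCII hexadecimal digits (0-9, A-F). These are an ASCII
representation of the 16 byte hashed value of the user's password.

To set a user to have no password (not recommended), edit the file
using vi and replace the first 11 characters of the first XXX section
with the ASCII text:

    NO PASSWORD

For example, to clear the password for user bob, his smbpasswd file
entry would look like this:

    bob:100:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:Bob's full name:/bobhome:/bobshell

If you are allowing users to use the smbpasswd command to set their own
passwords, you may want to give users NO PASSWORD initially so that
they do not have to enter a previous password when changing to their
new password (not recommended). To allow this, the smbpasswd program
must be able to connect to smbd as that user with no password. Enable
this by adding the following line to the [global] section of smb.conf:

    null passwords = true

This is why the above scenario is not recommended. Preferably, give
your users a default password to begin with, so that you do not have to
enable this on your server.

NOTE: This file should be protected very carefully. Anyone with access
to this file can (with enough knowledge of the protocols) gain access
to your SMB server. The file is thus more sensitive than a normal UNIX
/etc/passwd file.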
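
A check of the file format and permissions described above, as an added
example (not part of the original document or of Samba). It classifies
the two password fields of each smbpasswd entry and compares a path's
owner and mode with the recommended values; the function names and the
sample entries are constructed for illustration.

```python
import os
import stat

def classify_field(field):
    """Classify one password field of an smbpasswd entry."""
    if len(field) != 32:
        return "malformed"      # entries without 32 characters fail validation
    if field.startswith("NO PASSWORD"):
        return "no-password"    # password cleared for this user
    if field == "X" * 32:
        return "disabled"       # freshly generated entry, access refused
    if set(field) <= set("0123456789ABCDEF"):
        return "hash"           # ASCII form of a 16 byte hashed password
    return "malformed"

def audit_lines(lines):
    """Return {username: (lanman_state, nt_state)} for every entry."""
    report = {}
    for line in lines:
        line = line.rstrip("\n")
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        fields = parts[2:4] if len(parts) >= 4 else ["", ""]
        report[parts[0]] = tuple(classify_field(f) for f in fields)
    return report

def mode_problems(path, want):
    """Compare owner and permission bits with the recommended values."""
    st = os.stat(path)
    problems = []
    if st.st_uid != 0:
        problems.append("not owned by root")
    if stat.S_IMODE(st.st_mode) != want:
        problems.append("mode %o, expected %o" % (stat.S_IMODE(st.st_mode), want))
    return problems

# Constructed sample entries in the format shown above (hash values are made up).
SAMPLE = [
    "# SMB password file.",
    "tridge:148:" + "X" * 32 + ":" + "X" * 32 + ":Andrew Tridgell:/home/tridge:/bin/tcsh",
    "bob:100:NO PASSWORD" + "X" * 21 + ":" + "X" * 32 + ":Bob's full name:/bobhome:/bobshell",
    "alice:101:" + "0123456789ABCDEF" * 2 + ":" + "FEDCBA9876543210" * 2 + ":Alice:/home/alice:/bin/sh",
    "carol:102:" + "X" * 31 + ":" + "X" * 32 + ":Carol:/home/carol:/bin/sh",
]

if __name__ == "__main__":
    for user, states in audit_lines(SAMPLE).items():
        print(user, states)
```

On a server, mode_problems would be called with 0o600 for the smbpasswd
file and 0o500 for the private directory.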

Migrating to encrypted passwords
--------------------------------

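Samba 1.9.18p5 and later versions include code contributed by Bruce
Tenison that adds the "update encrypted" parameter. When this parameter
is set to "yes" (the default is "no"), an smbpasswd file containing all
valid users of the Samba system is used. These users are not given
encrypted passwords at first (that is, the Lanman hash and NT hash
entries in the smbpasswd file are left set to
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"). In this state, when a user logs in
with a plaintext password and it matches the UNIX password entry, the
plaintext password is hashed and recorded in the smbpasswd file. Once
all users have logged in with unencrypted passwords, the smbpasswd file
holds the Lanman hash and NT hash of each user's UNIX password. At that
point the administrator can migrate to encrypted passwords by changing
Samba to use encrypted passwords and updating the Windows 95 and NT
clients to send encrypted passwords. Users do not have to be asked to
enter their passwords explicitly. Note that to use this option, the
"encrypt passwords" parameter must be set to "no" while this parameter
is set to "yes". For the latest information about this parameter, see
the smb.conf manual.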

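The smbpasswd command
---------------------

The smbpasswd command maintains the two 32 byte password fields in the
smbpasswd file. If you wish to make it work like the UNIX passwd or
yppasswd programs, install it in /usr/local/samba/bin (or your main
Samba binary directory).

As of Samba 1.9.18p4, this program must not be installed owned by root
with the setuid bit set (the smbpasswd code enforces this restriction
so that it is not run as setuid root).

smbpasswd now works in client-server mode: it connects to the local
smbd to change the user's password. This brings the following benefits.

1) smbpasswd no longer has to be setuid root, which eliminates an
   enormous range of potential security problems.

2) smbpasswd gains the ability to change passwords on Windows NT
   servers (an NT domain user's password can be changed only when the
   request is sent to the NT Primary Domain Controller).

3) smbpasswd can use smbd to change the UNIX password at the same time
   as the SMB password is changed. For details, see the parameters
   "passwd program", "passwd chat" and "unix password sync" in the
   smb.conf manual. To enable this, Samba must be compiled with
   -DALLOW_CHANGE_PASSWORD (and the system must support changing UNIX
   passwords).

To run smbpasswd as a normal user, type the following.

    smbpasswd
    Old SMB password: <type the old value here - or hit return if there was no old password>
    New SMB Password: <type the new value>
    Repeat New SMB Password: <re-type the new value>

If the old value does not match the current value stored for that user,
or the two new values do not match each other, the password will not be
changed.

When invoked by an ordinary user, it only allows the user to change his
or her own Samba password.

When run by the root user, smbpasswd may take an argument specifying
the user name whose SMB password is to be changed. Note that when run
as root, smbpasswd does not prompt for or check the old password value.
This allows root to set passwords for users who have forgotten theirs.

smbpasswd is designed to work in the same way as, and be familiar to,
UNIX users who use the passwd or yppasswd commands.

For more details on using smbpasswd, refer to the manual page, which is
always the definitive reference.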

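Setting up Samba to support LanManager encryption
-------------------------------------------------

The following is a very brief description of how to set up Samba to
support password encryption. More complete instructions will probably
be added later.

1) Compile and install Samba as usual.

2) If your system cannot compile the getsmbpass.c module, remove
-DSMBGETPASS from the Makefile.

3) Enable encrypted passwords by adding "encrypt passwords = yes" to
the [global] section of smb.conf.

4) Create the initial smbpasswd password file in the place you
specified in the Makefile. A simple way to do this, based on your
existing Makefile (assuming it is in a reasonably standard format), is
as follows:

    cat /etc/passwd | mksmbpasswd.sh > /usr/local/samba/private/smbpasswd

Change the ownership of private and smbpasswd to root.

    chown -R root /usr/local/samba/private

Set the correct permissions on /usr/local/samba/private.

    chmod 500 /usr/local/samba/private

Set the correct permissions on /usr/local/samba/private/smbpasswd.

    chmod 600 /usr/local/samba/private/smbpasswd

Remember that the mksmbpasswd.sh script is in the Samba source
directory.

If mksmbpasswd.sh fails, remember that you need entries that look like
this:

    # SMB password file.
    tridge:148:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:Andrew Tridgell:/home/tridge:/bin/tcsh

Note that the username and uid must be right. Also, get the number of
X's right (there must be 32).

5) Set the passwords for users with the smbpasswd command. For example,
as root you could run "smbpasswd tridge".

6) Try it out!

Note that smbclient also supports encryption, so you can test things
using smbclient.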

==============================================================================
Note: See also WinNT.txt
Note: See also Win95.txt
