Actually, I am not a Samba expert, but I remember that turning on the password encryption feature in Samba enables the use of the /etc/smbpasswd file, and it is in this file that the password is encrypted; but when it is being transmitted over the network to the authenticating server, i.e. the Samba server, it is sent as clear text. I do not think that the Windows machine encrypts the password before sending it to the server for authentication. However, the Samba server encrypts the clear text password it gets and compares it with what it already has in its password file. I could be wrong, but I think it is almost like the usual user authentication in a telnet session.

On Mon, 23 Oct 2000, Lars Trebing wrote:
semat wrote:
The problem is that the password is still transmitted over the network in clear text, thus anyone running a sniffer on the network may be able to get your passwords.
I really don't believe this is true. IMHO Samba's password encryption mode does provide true password encryption (although I don't quite know how good this encryption is).