!==
!== WinNT.txt for Samba release 2.2.0-alpha3 24 Mar 2001
!==
Contributors: Various
Password Section - Copyright (C) 1997 - John H Terpstra
Printing Section - Copyright (C) 1997 - Matthew Harrell
Priting Info - Copyright (C) 1997 - Frank Varnavas
Updated: October 16, 1997
Status: Current
Subject: Samba and Windows NT Password Handling
=============================================================================
There are some particular issues with Samba and Windows NT.
Passwords:
==========
One of the most annoying problems with WinNT is that NT refuses to
connect to a server that is in user level security mode and that
doesn't support password encryption unless it first prompts the user
for a password.
This means even if you have the same password on the NT box and the
Samba server you will get prompted for a password. Entering the
correct password will get you connected only if Windows NT can
communicate with Samba using a compatible mode of password security.
All versions of Windows NT prior to 4.0 Service Pack 3 could negotiate
plain text (clear text) passwords. Windows NT 4.0 Service Pack 3 changed
this default behaviour so it now will only handle encrypted passwords.
The following registry entry change will re-enable clear text password
handling:
Run regedt32.exe and locate the hive key entry:
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Rdr\Parameters\
Add the following value:
EnablePlainTextPassword:REG_DWORD=1
Alternatively, use the NT4_PlainPassword.reg file in this directory (either
by double clicking on it, or running regedt32.exe and selecting "Import
Registry File" from the "Registry" Menu).
The other major ramification of this feature of NT is that it can't
browse a user level non-encrypted server unless it already has a
connection open. This is because there is no spot for a password
prompt in the browser window. It works fine if you already have a
drive mounted (for example, one auto mounted on startup).
=====================================================================
Printing:
=========
When you mount a printer using the print manager in NT you may find
the following info from Matthew Harrell <harrell@leech.nrl.navy.mil>
useful:
------------
I noticed in your change-log you noted that some people were
still unable to use print manager under NT. If this is the same problem
that I encountered, it's caused by the length of time it takes NT to
determine if the printer is ready.
The problem occurs when you double-click on a printer to connect it to
the NT machine. Because it's unable to determine if the printer is ready
in the short span of time it has, it assumes it isn't and gives some
strange error about not having enough resources (I forget what the error
is). A solution to this that seems to work fine for us is to click
once on the printer, look at the bottom of the window and wait until
it says it's ready, then click on "OK".
By the way, this problem probably occurs in our group because the
Samba server doesn't actually have the printers - it queues them to
remote printers either on other machines or using their own network
cards. Because of this "middle layer", it takes an extra amount of
time for the NT machine to get verification that the printer queue
actually exists.
I hope this helped in some way...
=====================================================================
Printing Info:
--------------
From: Frank Varnavas <varnavas@ny.ubs.com>
Subject: RE: Samba as a print server
When an NT client attempts to connect to a printer on a non-NT print
server the attempt is failed with an error, something like:
"You have insufficient access to your computer to perform the
operation because a driver needs to be installed"
This is because domain users must have 'Power User' status on the
desktop to connect to printers on a non-NT print server.
This error occurs regardless of whether the driver in question is
already installed or not. What it really means is that the server is
a non-NT server and the client does not have permission to create
printers locally. Apparently when a connection to a non-NT print
server is made the printer is defined locally. Such an action can be
performed by either a local administrator or a Power User.
Unfortunately there is no way to limit the powers of a Power User, nor
is there any way to grant the Printer Creation right to another group.
This permission policy is documented in PSS database WINNT, ID Q101874
Frank Varnavas (varnavas@ny.ubs.com)