Making PlainPassword.reg files available over the 'net ====================================================== Because we are behind a firewall (and don't use Internet Exporer anyway), it isn't necessary to use the MS encryption scheme. So we don't. Instead, when a new PC user can't connect, we run \\\public\Win2000_PlainPassword.reg from the "Run" command on their main menu and reboot the PC. The server has the following settings in its smb.conf: --- [global] # Make this machine acessible to unauthorized users, # so they can pick up .reg files to turn off MS encryption. map to guest = bad user [public] # This share contains plain-password .reg files comment = You will find the various PlainPassword.reg \ files here path = /usr/local/samba/public guest ok = yes guest only = yes browseable = yes read only = yes --- The public directory contains: --- NT4_PlainPassword.reg Win2000_PlainPassword.reg Win95_PlainPassword.reg Win98_PlainPassword.reg --- The risks here are: 1) users who aren't in the password file will get access as the unpriveleged "guest" user (ie, it only works for new users!) 2) passwords will be sent in clear (just like telnet/ftp does) That's not why you need a firewall: it's present because all **files** are sent in clear and have always been sent in clear by Samba, ftp and rcp. We don't want people snooping our data! --dave