FacetWin's default "pass_security"
option technically tries to establish "plain text password" connections.
This combination usually results in the error message:
What is the best approach to take?
That really depends upon the situation, available resources, security
policy, etc.
WARNING! Be very careful when using the registry editor. If
used improperly the registry can easily become corrupted which may
result in an unstable or unbootable system. Please be very
careful when attempting this.
The registry can automatically be updated with this
"nt4sp3.reg" file. It should be downloaded
unmodified by your browser, and then double-clicked on to update your
registry.
Or, you can manually add this key to your registry by:
The Problem:
System error 1240 has occurred.
The account is not authorized to login from this station.
The Solution:
If there is an NT Server that everyone logs into...
Then one of the easiest things to do is to have FacetWin use
the NT Server for password authentication. This is done with the
"pass_security=\\ntserver_name" option, where
"ntserver_name" is replaced with the NetBIOS
name of the NT Server. With this option, the Windows user names and
passwords must match what the NT Server thinks and the user names must
be valid UNIX user names.
If there are only a few NT 4.0 w/SP3 machines...
The easiest approach may be to add the
"EnablePlainTextPassword" registry key.
Other systems (DOS, Windows 3.x, Windows 95, Macintosh w/DAVE) that are
not having trouble connecting won't be affected by this and should
continue to connect normally. One drawback to this approach
is that you may have to re-add the registry key if you install other
Service Packs and new NT 4.0 w/SP3 machines will need the key.
If this is a "trusted" network environment...
Then using the "pass_security=RHOST" option
might be the best approach. With this option, no passwords are sent
across the network and the connecting PC is trusted to supply the user
name used by the UNIX system for the connection. See the UNIX man pages
on "rhosts" or
"hosts.equiv" for details about how to
implement this on the UNIX system. Usually it is just a matter of
adding each PC hostname to the "/etc/hosts.equiv"
file and perhaps also to a ".rhosts" file.
The PC hostname will need to be resolvable by the UNIX system.
If none of the above options are practical...
Then using the "pass_security=LANMAN" option
may be the best choice. With this option, a DES encrypted password
table (separate from "/etc/passwd") is created
and maintained with the "fct_encrypt" utility.
See "man fct_encrypt" for implementation details.
The Windows user passwords don't have to match the UNIX user passwords
and are only authenticated against the encrypted password stored in the
"fctpasswd" table. Passwords are encrypted
with a special DES crypt key before being transmitted across the network.
To Re-enable "PlainTextPassword" Connections on NT 4.0 w/SP3:
Beginning with NT 4.0's Service Pack 3, the SMB redirector does not
send unencrypted passwords unless the
"EnablePlainTextPassword" registry key is added.
You should now be able to connect to FacetWin File & Print
services using NT 4.0 / Service Pack 3.
Please contact FacetCorp technical support
if you have any questions or trouble implementing any of this.