While configuring a linux server with samba and LDAP support I came across these two fields. What's the difference between them?
At the moment, the server is only using samba to share each user's home directory through the network, authenticating users each time they connect. Are both fields used on this authentication?
Basically this:
The LM Hash is computed using the DES() algorithm. The computation is fairly simple. The input is the password, in OEM Charset (8-bit) encoding, converted to upper case. In most cases that's just the upper-case of an ASCII string.
The NT Hash is just the MD4() of the password. In this case, however, the password must be in Unicode (UCS2LE encoding).
(A bit) More info is here: http://ubiqx.org/cifs/SMB.html#SMB.8
EDIT: For details you may want to ask on http://stackoverflow.com, the details on how to implement this is probably more related to programming than system administration
I agree with Server Horror, but you should be aware that the LM hash isn't needed for anything newer then Windows 95, and as "rainbow tables" for them are available (a rainbow table is a complete reverse list for a hash, ie, for any hash here's the password) it should be disabled for security.
To disable on MS systems: http://support.microsoft.com/kb/299656
On samba it's the "lanman auth" setting, which, according to the man page, is disabled by default in current samba.
As Server Horror already stated, these are just different hash computation algorithms. LM is a short version of Lan Manager (you can probably find more revelant results by searching for Lan Manager rather than LM).
Also, this might be helpful: http://www.linuxjournal.com/article/2717
