case-problem in passwords

Tim Villa - faculties tim at ecel.uwa.edu.au
Fri Aug 8 00:39:12 GMT 1997 

> From: Thomas KIRCHTAG <tkircht at qspr03.tuwien.ac.at>
> Subject: case-problem in passwords
> 
> It all works OK and domain logons from Win95 do what they're supposed to,
> except if I use mixed-case passwords!
> My own password works fine, as long as I do NOT use the samba box as
> domain controller (logon controller).

Use the "password level" setting in smb.conf to fix this problem.

>From the man page:

  password level (G)
     Some client/server combinations have difficulty with  mixed-
     case  passwords.   One offending client is Windows for Work-
     groups, which for some reason forces passwords to upper case
     when  using the LANMAN1 protocol, but leaves them alone when
     using COREPLUS!
 
     This parameter defines the maximum number of characters that
     may be upper case in passwords.
 
     For example, say the password given was "FRED". If  password
     level is set to 1 (one), the following combinations would be
     tried if "FRED" failed:   "Fred",  "fred",  "fRed",  "frEd",
     "freD".  If  password  level  was  set  to  2 tried: "FRed",
     "FrEd", "FreD", "fREd", "fReD", "frED". And so on.
 
     The higher value this parameter is set to the more likely it
     is that a mixed case password will be matched against a sin-
     gle case password. However, you should be aware that use  of
     this parameter reduces security and increases the time taken
     to process a new connection.
 
     A value of zero will cause only two attempts to  be  made  -
     the password as is and the password in all-lower case.
 
     If you find the connections are taking too  long  with  this
     option  then you probably have a slow crypt() routine. Samba
     now comes with a fast "ufc crypt" that you can select in the
     Makefile.  You  should  also  make  sure the PASSWORD_LENGTH
     option is correct for your system in local.h and includes.h.
     On  most  systems  only  the first 8 chars of a password are
     significant so PASSWORD_LENGTH should  be  8,  but  on  some
     longer  passwords are significant. The includes.h file tries
     to select the right length for your system.
 
     Default:
          password level = 0
 
     Example:
          password level = 4

Good fortune,
Tim
-- 
Tim Villa                 Faculties of Economics & Commerce, Education and Law
Network/Systems Officer        	           The University of Western Australia
Phone: +61-08-9380-1796                                  Fax: +61-08-9380-1068
<mailto:tim at ecel.uwa.edu.au>                 <http://ecel-tim.ecel.uwa.edu.au>

More information about the samba mailing list