Samba 2.2.pre3 vs. 1.9.18 with unknown users

[Ph. Marek]

>> >Can you please try the current HEAD CVS?  In particular can you please
>> >confirm if the behaviour is different to NT/Win2k/XP?
>> If I understand you correctly you want to know if this program works
>> against a NT (server), a Win2k (server) or a XP (server)?
>> Or, if you want me to run this program in Win2k or XP, that'll take some
>> time - as it's in security architecture written for a smartcard solution
>> for NT. I'd have to write a new program for these architectures.
>> Please clarify on this point.
>
>Test against them as servers (ie replace samba).
> 
>> Are you interested in sniffer dumps or samba-logs or similar?
>> BTW, using "username map" didn't help - maybe I've done something wrong.
>
>Username map is irrelvent in this situation (I think).
>
>If you can show a microsoft server giving a different repsonse to a
>Samba server then I want to know about it.
Well, I've just spent some hours trying to reproduce that.

Problem is, we have only XP workstation, no XP server (hope that won't
change :-) and that behaves completly different. It always logs me on as a
guest or so - without any passwords, so these results are unuseable.
We don't have w2k server either - so I see no easy way to reproduce the
problem.

But I'll report the setup - maybe someone else can do the test.


PC (NT4SP5), process is a user X which doesn't exist on the server.
Uses a program which tries WNetAddConnection() with NULL for user and pswd,
if that doesn't work it tries a user Y with password which exist on the
server.

Samba 1.9.18 says on the first call "bad password", so the 2nd try works.
Samba 2.2.pre3 says "logon failure", so NT tries the 2nd time with user X
instead of Y - which is a bug, in my opinion.


So a simple fix (which I'll try and report) is to just answer "bad
password" if the user doesn't exist.


Thanks for the help!


Regards

Phil


-
This message is RSA-encrypted: n=33389, e=257