[linux-cifs-client] Rudi's question about smbd/smbfs/cifsvfs

Christopher R. Hertel crh at ubiqx.mn.org
Fri Dec 3 19:12:56 GMT 2004 

Hang on!

Rudi said something in a separate message to me that jarred a memory...

He said that I wrote (in my book, pg. 288) that with LMCompatibilityLevel
set to 2, Windows clients will send the NTLM response in *both* password 
fields.

That makes some sort of twisted sense, now that I think about it.  It 
would also mean that smbclient and the CIFS VFS should include the NTLM 
response in both fields.

In other words, SMBFS is correct when it puts the NTLM response into both 
fields, and smbd is correct (or, at least, not incorrect) when it ignores 
the second password field in 'security=server' mode.

Here's the deal:

When Microsoft came out with NTLMv2 they discovered that they had a
problem.  The Windows 95 systems that were out there at the time *all did
pass-through authentication*.  Windows9x cannot "join" an NT Domain, so
they must do pass-through (equivalent to our 'security=server').

The problem was, the Windows9x systems had two limitations:

  1) They would only pass through 24 byte values.  It was a hard-coded
     limit.  (I remember reading this in a couple of different articles
     that were published at the time, and still available on the 'net.)

  2) They were only passing through the first of the two password strings.
     (Again, I assume it was just crufty code in Windows95 that was 
     written before there was a need to have multiple response types.)

Those problems let Microsoft to develop LMv2 as an afterthought.  It was 
easier, at the time, to get sysadmins to install a service pack for NT 
than it was to update all of the W9x clients.

Chris -)-----

-- 
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org

More information about the linux-cifs-client mailing list