[linux-cifs-client] Rudi's question about smbd/smbfs/cifsvfs

Christopher R. Hertel crh at ubiqx.mn.org
Fri Dec 3 19:33:06 GMT 2004 

Steve,

Have you been able to test against a Windows95 system in pass-through auth 
mode?

Chris -)-----

On Fri, Dec 03, 2004 at 01:12:56PM -0600, Christopher R. Hertel wrote:
> Hang on!
> 
> Rudi said something in a separate message to me that jarred a memory...
> 
> He said that I wrote (in my book, pg. 288) that with LMCompatibilityLevel
> set to 2, Windows clients will send the NTLM response in *both* password 
> fields.
> 
> That makes some sort of twisted sense, now that I think about it.  It 
> would also mean that smbclient and the CIFS VFS should include the NTLM 
> response in both fields.
> 
> In other words, SMBFS is correct when it puts the NTLM response into both 
> fields, and smbd is correct (or, at least, not incorrect) when it ignores 
> the second password field in 'security=server' mode.
> 
> Here's the deal:
> 
> When Microsoft came out with NTLMv2 they discovered that they had a
> problem.  The Windows 95 systems that were out there at the time *all did
> pass-through authentication*.  Windows9x cannot "join" an NT Domain, so
> they must do pass-through (equivalent to our 'security=server').
> 
> The problem was, the Windows9x systems had two limitations:
> 
>   1) They would only pass through 24 byte values.  It was a hard-coded
>      limit.  (I remember reading this in a couple of different articles
>      that were published at the time, and still available on the 'net.)
> 
>   2) They were only passing through the first of the two password strings.
>      (Again, I assume it was just crufty code in Windows95 that was 
>      written before there was a need to have multiple response types.)
> 
> Those problems let Microsoft to develop LMv2 as an afterthought.  It was 
> easier, at the time, to get sysadmins to install a service pack for NT 
> than it was to update all of the W9x clients.
> 
> Chris -)-----
> 
> -- 
> "Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
> Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
> jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
> ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
> OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org
> _______________________________________________
> linux-cifs-client mailing list
> linux-cifs-client at lists.samba.org
> http://lists.samba.org/mailman/listinfo/linux-cifs-client

-- 
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org

More information about the linux-cifs-client mailing list