[linux-cifs-client] Rudi's question about smbd/smbfs/cifsvfs
Steve French
smfltc at us.ibm.com
Mon Dec 6 20:21:25 GMT 2004
I need to try Windows9x/WindowsME systems with the CIFS vfs, but I
suspect more problems than that (I am aware of one NT4 workaround I need
to do in cifs vfs SetPathInfo code to properly handle NT4 - once that is
done I need to take a look at Win9x). If anyone has Win9x, and can get
the cifs vfs to mount to it - I would love to see some wire traces of
the cifs code doing lookup and FindFirst to Win9x so I can see which
levels I need to downgrade to support it.
On Fri, 2004-12-03 at 13:33, Christopher R. Hertel wrote:
> Steve,
>
> Have you been able to test against a Windows95 system in pass-through auth
> mode?
>
> Chris -)-----
>
> On Fri, Dec 03, 2004 at 01:12:56PM -0600, Christopher R. Hertel wrote:
> > Hang on!
> >
> > Rudi said something in a separate message to me that jarred a memory...
> >
> > He said that I wrote (in my book, pg. 288) that with LMCompatibilityLevel
> > set to 2, Windows clients will send the NTLM response in *both* password
> > fields.
> >
> > That makes some sort of twisted sense, now that I think about it. It
> > would also mean that smbclient and the CIFS VFS should include the NTLM
> > response in both fields.
> >
> > In other words, SMBFS is correct when it puts the NTLM response into both
> > fields, and smbd is correct (or, at least, not incorrect) when it ignores
> > the second password field in 'security=server' mode.
> >
> > Here's the deal:
> >
> > When Microsoft came out with NTLMv2 they discovered that they had a
> > problem. The Windows 95 systems that were out there at the time *all did
> > pass-through authentication*. Windows9x cannot "join" an NT Domain, so
> > they must do pass-through (equivalent to our 'security=server').
> >
> > The problem was, the Windows9x systems had two limitations:
> >
> > 1) They would only pass through 24 byte values. It was a hard-coded
> > limit. (I remember reading this in a couple of different articles
> > that were published at the time, and still available on the 'net.)
> >
> > 2) They were only passing through the first of the two password strings.
> > (Again, I assume it was just crufty code in Windows95 that was
> > written before there was a need to have multiple response types.)
> >
> > Those problems led Microsoft to develop LMv2 as an afterthought. It was
> > easier, at the time, to get sysadmins to install a service pack for NT
> > than it was to update all of the W9x clients.
> >
> > Chris -)-----
> >
> > --
> > "Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
> > Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
> > jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
> > ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
> > OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
> > _______________________________________________
> > linux-cifs-client mailing list
> > linux-cifs-client at lists.samba.org
> > http://lists.samba.org/mailman/listinfo/linux-cifs-client
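The two Windows9x limitations described in the quoted message, shown with the standard LMv2 and NTLMv2 response constructions, as an added example that is not part of the original thread. The sample hash, challenges, blob, user and domain are constructed, and `w9x_pass_through` is a hypothetical model of the behaviour the message describes, not Windows code.

```python
import hashlib
import hmac

W9X_FIELD_LEN = 24  # the hard-coded pass-through size described in the message

# Constructed sample values (not from any real capture).
NT_HASH = bytes.fromhex("00112233445566778899aabbccddeeff")
SERVER_CHALLENGE = bytes.fromhex("0123456789abcdef")
CLIENT_CHALLENGE = bytes.fromhex("ffeeddccbbaa9988")
# Constructed stand-in for the real blob (timestamp, client nonce, target info).
BLOB = b"\x01\x01" + bytes(6) + bytes(8) + CLIENT_CHALLENGE + bytes(12)

def hmac_md5(key, data):
    return hmac.new(key, data, hashlib.md5).digest()

def ntlmv2_hash(nt_hash, user, domain):
    # Key for both v2 responses: HMAC-MD5(NT hash, UTF-16LE(UPPER(user) + domain))
    return hmac_md5(nt_hash, (user.upper() + domain).encode("utf-16-le"))

def lmv2_response(v2_hash, server_chal, client_chal):
    # 16-byte MAC + 8-byte client challenge = 24 bytes, same size as the old responses
    return hmac_md5(v2_hash, server_chal + client_chal) + client_chal

def ntlmv2_response(v2_hash, server_chal, blob):
    # 16-byte MAC + variable-length blob: always longer than 24 bytes
    return hmac_md5(v2_hash, server_chal + blob) + blob

def w9x_pass_through(first_field, second_field):
    # Model (assumption): only the first field is forwarded, and only if it is 24 bytes.
    return first_field if len(first_field) == W9X_FIELD_LEN else None

def dc_verify_lmv2(v2_hash, server_chal, response):
    # Domain controller side: recompute the MAC from the trailing client challenge.
    if response is None or len(response) != W9X_FIELD_LEN:
        return False
    expected = hmac_md5(v2_hash, server_chal + response[16:])
    return hmac.compare_digest(expected, response[:16])

def demo():
    key = ntlmv2_hash(NT_HASH, "alice", "EXAMPLE")  # constructed user and domain
    lmv2 = lmv2_response(key, SERVER_CHALLENGE, CLIENT_CHALLENGE)
    ntv2 = ntlmv2_response(key, SERVER_CHALLENGE, BLOB)
    ok = dc_verify_lmv2(key, SERVER_CHALLENGE, w9x_pass_through(lmv2, ntv2))
    dropped = w9x_pass_through(ntv2, ntv2)  # NTLMv2 in the first field cannot pass
    return len(lmv2), len(ntv2), ok, dropped

if __name__ == "__main__":
    print(demo())
```

With LMv2 in the first field the response survives the modelled pass-through and verifies; with NTLMv2 in the first field nothing usable reaches the domain controller.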