TNG works with Win2k, fails with Win98

Richard Sharpe sharpe at ns.aus.com
Sun Feb 20 02:06:09 GMT 2000 

Hi,

At 03:15 AM 2/20/00 +1100, Lonnie J. Borntreger wrote:
>Finally.  I'm no longer the only one talking about this problem.
>
>STATUS: Samba TNG does not support Win9x authentication.  I ONLY works for
>users on NT or 2000.
>
>SOLUTION: Somebody with access to an NT PDC based domain needs to do a
>netmon trace of a successful domain login and a successful GETDC request
>from a Win9x machine and send it to Luke Leighton (lkcl at samba.org).  Once he
>has that, he will fix the implementation.
>
>CAVEAT: I've asked for someone to do that trace several times in the last
>4-6 months, and no-one has stepped forward and done it.

OK,

It is the LM MD4 hash part that is failing ... I can't see yet what is
wrong, as the code has changed a lot, but the functions look the same.

I wonder, is there any way to force Samba to use the same challenge all the
time?  I need to be able to compare the results of Samba-TNG and
Samba-2.0.6 to see if they produce the same result.

>TTFN,
>Lonnie Borntreger
>
>> -----Original Message-----
>> From: samba-ntdom at samba.org [mailto:samba-ntdom at samba.org]On Behalf Of
>> Patrick J. LoPresti
>> Sent: Friday, February 18, 2000 7:09 PM
>> To: Multiple recipients of list SAMBA-NTDOM
>> Subject: TNG works with Win2k, fails with Win98
>>
>>
>> We have been authenticating Win98 users against Samba 2.0.5a for a
>> long time, but I need a real PDC by next week (ahem) or the Powers
>> That Be just might start imposing a real NT infrastructure.
>>
>> So I checked out TNG this afternoon at 1:50 P.M. EST (6:50 UTC), built
>> it on a test machine, hacked up a smb.conf file to make it Domain
>> Controller for a domain named "TEST", and copied smbpasswd from our
>> existing installation.
>>
>> The result is that a Windows 2000 box can join the domain and
>> authenticate users.  Nice work!  The native Win2k user admin tools
>> tend to crash, but some command-line thingamys in the Resource Kit
>> provide enough functionality (specifically, adding a domain account to
>> the local Administrators group) that we can live with it.
>>
>> The only problem is that I can no longer authenticate Windows 98.  It
>> says "your password is invalid or your logon share is inaccessible" or
>> somesuch.  Note that this is the same TEST domain and user login which
>> worked on Windows 2000, so I do not think my configuration is the
>> problem.  But who knows.
>>
>> I have a 55K level 10 debug log of the entire failed effort; I would
>> be glad to send that and my smb.conf to any interested parties.  I am
>> also a reasonably competent C hacker with lots of spare time available
>> this weekend...
>>
>>  - Pat
>>
>
>

Regards
-------
Richard Sharpe, sharpe at ns.aus.com, Master Linux Administrator :-),
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course
Author: First Australian 2-day, intensive, hands-on Samba course

More information about the samba-ntdom mailing list