TNG works with Win2k, fails with Win98

Patrick J. LoPresti patl at cag.lcs.mit.edu
Sun Feb 20 02:09:27 GMT 2000


Richard Sharpe <sharpe at ns.aus.com> writes:

> OK, I have started to look at this, even though I have tons of other
> work to do.

If you get this working within the week, a case of beer (*) of your
choice is on me.  I do not know how I will get it to Australia, but I
will find a way.

And if there is anything I can do to help, please let me know.  I have
no other plans for the next 48 hours.

I actually did set up a fresh NT PDC today to capture a netmon trace
of a Win98 login, but I guess that was unnecessary after all.

> However, when Win95 tries to connect to IPC$ using a SessionSetup&X,
> Samba-TNG returns a bad password response.  This seems to be a
> problem with the LM# that Win95 is sending, and perhaps Samba-TNG is
> expecting an NT#.

Yes, that is consistent with the logs I am seeing, too.  After the
failed LM authentication Samba falls back to using something (the LM
hash?) as Unix password; we are seeing syslog messages about failed
authentication attempts from the PAM passwd module.

Incidentally, I do have a workaround of sorts:

  1) Set up TNG as domain controller for the "FOO" domain

  2) Set up 2.0.x to serve domain logons for the "FOO9X" domain

  3) Configure the 2.0.x box with "security = server" and "password
     server = <the TNG box>"

  4) Have WinNT/Win2k clients use the FOO domain

  5) Have Win9x clients live in the FOO workgroup but authenticate
     against the FOO9X domain

This actually appears to work, although it requires you to set the
domain differently for Win9x and WinNT clients, which is more than
slightly annoying.  (Especially if you already have lots of 98 and NT
clients using the same domain, like we do.)  But maybe if you were
setting up a network from scratch it would not be so bad.

 - Pat


More information about the samba-ntdom mailing list