Problem with PAM-based authentication

Kris Van Hees aedil at alchar.org
Fri Nov 15 15:10:01 GMT 2002


To give more information on this issue, it seems that there are Windows clients
that send plaintext passwords as the NT passwords rather than as the LM
password as is being assumed by the Samba code in e.g. reply_sesssetup_and_X().

Can someone confirm/counter this?

	Kris

On Tue, Nov 12, 2002 at 05:27:34PM -0500, Kris Van Hees wrote:
> Hi,
> 
> 	It seems that PAM-based authentication is broken in the current CVS
> HEAD version.  Enabling cleartext passwords, and setting 'encrypted passwords =
> no' does not help, nor does setting 'use spnego = no'.  What seems to happen
> is that the client (Win98SE and WinXP tested) sends the passwords as a UNICODE
> string, with its length set in smb_vwv[8], whereas on 2.2.6 (to doublecheck)
> the password was being sent as a regular ASCII string with its length set in
> smb_vwv[7].
> 
> 	In both cases the protocol negotiation decided upon 'NT LM 0.12'.
> 
> 	Does anyone have any ideas what is going wrong here?  Is the CVS HEAD
> version sending any negotiation information that might trigger the client to
> send the password as an NT password rather than an LM password?
> 
> 	Kris

-- 
Never underestimate a Mage with:
 - the Intelligence to cast Magic Missile,
 - the Constitution to survive the first hit, and
 - the Dexterity to run fast enough to avoid being hit a second time.
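
The field handling discussed in this thread, as an added example (not Samba's code and not part of the original messages): a server-side check of the SESSION_SETUP_ANDX length words smb_vwv[7] and smb_vwv[8] that accepts a plaintext password from either slot instead of assuming the LM one. `locate_password`, `pw_view` and the slot names are hypothetical; the 24-byte test for an encrypted response is a heuristic, and the code assumes the NT field directly follows the LM field in the data block.

```c
#include <stddef.h>
#include <stdint.h>

#define FLAGS2_UNICODE_STRINGS 0x8000 /* Flags2 bit: strings are UTF-16LE */
#define RESPONSE_LEN 24               /* size of an LM or NTLM challenge response */

enum pw_slot { PW_NONE, PW_LM_SLOT, PW_NT_SLOT, PW_ENCRYPTED, PW_MALFORMED };

struct pw_view {
    enum pw_slot slot;   /* which length word described the password */
    const uint8_t *data; /* start of the password inside the data block */
    uint16_t len;        /* length in bytes, as sent by the client */
    int unicode;         /* 1 if the bytes should be decoded as UTF-16LE */
};

/* Read parameter word n (little-endian), i.e. smb_vwv[n]. */
static uint16_t vwv(const uint8_t *words, int n)
{
    return (uint16_t)(words[2 * n] | (words[2 * n + 1] << 8));
}

/* words: the 13 parameter words; bytes/byte_count: the data block. */
struct pw_view locate_password(const uint8_t *words, uint16_t flags2,
                               const uint8_t *bytes, size_t byte_count)
{
    struct pw_view v = { PW_NONE, NULL, 0, 0 };
    uint16_t len1 = vwv(words, 7); /* case-insensitive (LM / ASCII) slot */
    uint16_t len2 = vwv(words, 8); /* case-sensitive (NT / Unicode) slot */

    if ((size_t)len1 + len2 > byte_count) {   /* lengths overrun the data block */
        v.slot = PW_MALFORMED;
    } else if (len1 == RESPONSE_LEN || len2 == RESPONSE_LEN) {
        v.slot = PW_ENCRYPTED;                /* heuristic: 24 bytes = response */
    } else if (len2 != 0) {                   /* plaintext sent as the NT password */
        v.slot = PW_NT_SLOT;
        v.data = bytes + len1;                /* second field follows the first */
        v.len = len2;
        v.unicode = (flags2 & FLAGS2_UNICODE_STRINGS) != 0;
    } else if (len1 != 0) {                   /* plaintext sent as the LM password */
        v.slot = PW_LM_SLOT;
        v.data = bytes;
        v.len = len1;
    }
    return v;
}
```

A caller would pass the 26 bytes of parameter words and the data block from the request, then decode `data` as UTF-16LE or ASCII according to `unicode` before handing the password to PAM.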


