Encrypted password support fails

Steve Holstead Steve.Holstead at ualberta.ca
Thu Oct 31 22:09:00 GMT 2002

Thanks for the info Andrew. I guess this brings up a couple of other
questions. I hope you don't mind.

The current samba 2.X seems to use the "unicode" password and checks to
see if it is a NT,LM, or cleartext solution. Is this the case? If so, what
is the purpose of the "ansi" 24 char password?

Now that ntlm v2 is here, does this mean we will have a database with 3
different sets of credentials?

On Thu, 31 Oct 2002, Andrew Bartlett wrote:

> Steve Holstead wrote:
> >
> > I am running samba 2.2.4 on AIX 4.3.3.
> >
> > I am having a little problem with encrypted password support. Most of
> > my client machines will connect okay. However, I have a couple of
> > machines (win2000) that fail at logon time. I ran a tcpdump and had a look
> > at what was happening....
> >
> > Negotiate protocol response says we'll talk at > lanman2.1
> >
> > Tree Connect AndX Request says here is my:
> >         ANSI password of length 24
> >         and
> >         Unicode password of length 106
> >
> > Tree Connect AndX Response says "invalid password"
> >
> > All my successful clients have a ANSI and Unicode passwd len of 24. Does anyone know what would cause a win2000 client to send me a password of
> > 106?
> That's NTLMv2, which Samba 2.2 does not support.  It is configured
> either by system policy, or the LMcomatiblityLevel Registry setting.
> (MS has some docs on it in the KB).
> Samba 3.0 has support for this, but I need to double-check our NTLMSSP
> implementation (some things changed there that I may have broken it).
> Andrew Bartlett
> --
> Andrew Bartlett                                 abartlet at pcug.org.au
> Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
> Student Network Administrator, Hawker College   abartlet at hawkerc.net
> http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba-technical mailing list