Authenticating WinXP with Samba 3.0 CVS (plaintext) problem

Kris Van Hees aedil at
Wed Feb 26 19:54:00 GMT 2003

On Wed, Feb 26, 2003 at 01:39:26PM -0600, Christopher R. Hertel wrote:
> On Wed, Feb 26, 2003 at 12:59:58PM -0500, Kris Van Hees wrote:
> > I have a WinXP box that has plaintext password enabled.  I have a Samba 3.0
> > CVS server that also does not use encrypted passwords (uses PAM).  I cannot
> > connect to shares from the WinXP box because apparantly the non-encrypted
> > password is sent as the NT password, and nothing as the LM password.  
> You mean that XP sends the plaintext password in the Unicode Password 
> field?  That's sick.  Does it send it as ASCII or Unicode.

That is correct, and it is in Unicode indeed (2 bytes per character).

> > The protocol that was negotiated was NT LM 0.12.
> That would be correct.
> > From the code, it seems that the Samba server believes that plaintext
> > passwords should only be sent for the protocols < PROTOCOL_NT1 (anything
> > other than NT LM 0.12 or NT LANMAN 1.0).
> No, Samba can handle plaintext just fine in the NT LM 0.12 dialect.  It's 
> just that Samba needs to know where to *find* the password.  Plaintext 
> passwords are always sent in the first password field (ASCII Password, or 
> CaseInsensitivePassword, depending on which documentation you read).

Yup, and WinXP I guess is not playing nice in that sense.

> > Has anyone else seen this?  Am I missing something here?  Getting WinXP to
> > work with plaintext passwords is rather important for my setup.
> No, but I don't have an XP system available.  I'd be interested in seeing 
> the SessionSetupAndX from an Ethereal trace.

Would a tcpdump of the dialogue also be acceptable? :)  I can of course also
send the samba.log and/or SMBtconX.* files etc...


More information about the samba-technical mailing list