Getting OpenLDAP to auth users against sambaNTPassword

Andrew Bartlett abartlet at
Mon Jun 23 21:35:06 GMT 2003

On Tue, 2003-06-24 at 06:01, Norbert Klasen wrote:
> --On Donnerstag, 19. Juni 2003 16:10 +1000 Andrew Bartlett 
> <abartlet at> wrote:
> > I note with interest that there is a {LANMAN} password type available
> > for the userPassword attribute, but this does not quite meet the
> > requirements - for one thing it is case *INSENSITIVE*, which makes the
> > whole thing much weaker.
> Should it be case sensitive? I wrote the code according to RFC2433 which 
> says the password should be converted to uppercase.

Correct - it's just the problem with the whole LANMAN idea.  Microsoft
replaced it for very good reason.

It's just a pity they never updated Win9x to us the NT password, so we
have been stuck with the dog for *way* too long...

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list