FW: encrypt passwords = no, security=user, samba 3.0a22
Nir Soffer
nirs at exanet.com
Tue Mar 11 17:51:50 GMT 2003
> Nir Soffer wrote:
> >
> > Something our QA department stumbled on:
> >
> > I try to log on to my Samba 3.0a22 installation (make, make install, the
> > usual shebang). The client name is CACOMISTLE (not the NativeOS), the
> > user name is nirs, (not the domain).
> > Any ideas or thoughts, or are we doing something incredibly stupid?
>
> At a guess, you are using plaintext passwords with Unicode. If my guess is
> correct (a simple capture of the SMB SESSION SETUP ANDX exchange would prove
> it) then read on...
>
> I do not know how to convince a Windows *server* to request plaintext
> passwords. As you are probably aware, it is easy to get Samba to request
> plaintext if that's really what you want to do.
>
> What that means is that the combination of Unicode and plaintext passwords
> is unusual. I have seen that W2K and W/XP clients will send Unicode
> plaintext passwords if Samba requests it. Unfortunately, they get the field
> values wrong--in different ways--and it breaks the existing parsing in
> Samba.
>
[ snip wonderful explanation ]
> The Windows systems that I've been able to check do not send Plaintext
> Unicode passwords correctly. My *guess* is that Microsoft never tested this
> because their servers don't set up the situation that would require testing.
>
> I believe that Samba can compensate, but I have not had time to look at the
> code (let alone fix it). It should be an easy fix. E.g.:
>
>   if( Unicode Password begins with 0x00 )
>     skip a byte
>   if( Unicode Password does not end in 0x0000 )
>     Add two to the password length before processing
>
> Someone care to look into providing a patch?
It seems to me that a more correct fix would be, in the case of encrypt passwords = no, to request a normal password and not a UNICODE one. Is this even possible in the protocol? (e.g. request non-unicode passwords, but still support non-unicode filenames?)
This is definitely broken now if this is the case, regardless of where the bug is...
Nir.
--
Nir Soffer -=- Software Engineer, Exanet Inc. -=-
"The poor little kittens; They lost their mittens;
And now you all must die. Mew, Mew, Mew, Mew,
And now you all must die." www.sluggy.com, 24/10/02
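
The compensation sketched in the quoted pseudocode, written out as an added C example with the bounds checks needed before the length is extended. It is not Samba's code and not part of the original message; the function name, the struct, and the reading that the declared length does not count the pad byte are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Where the UTF-16LE password starts and how many bytes to process. */
struct pw_span { size_t off; size_t len; };

/* buf: password field through end of packet; avail: valid bytes in buf;
 * declared: length taken from the client's request.
 * Returns 0 on success, -1 if the adjusted field does not fit. */
int normalize_unicode_plaintext_pw(const uint8_t *buf, size_t avail,
                                   size_t declared, struct pw_span *out)
{
    size_t off = 0, len = declared;

    if (buf == NULL || out == NULL || declared < 2 || declared > avail)
        return -1;

    /* Rule 1: a leading 0x00 is taken to be a pad byte and skipped.
     * Assumption: the declared length counts the password bytes only. */
    if (buf[0] == 0x00)
        off = 1;
    if (len > avail - off)
        return -1;

    /* Rule 2: no trailing 0x0000 means the terminator was not counted;
     * add two, but never read past the end of the packet. */
    if (buf[off + len - 2] != 0x00 || buf[off + len - 1] != 0x00) {
        if (avail - off - len < 2)
            return -1;
        len += 2;
    }
    if (len % 2 != 0)   /* UTF-16 data is always an even byte count */
        return -1;

    out->off = off;
    out->len = len;
    return 0;
}

int main(void)
{
    /* Constructed sample: pad byte, "ab" in UTF-16LE, terminator. */
    const uint8_t field[] = { 0x00, 'a', 0x00, 'b', 0x00, 0x00, 0x00 };
    struct pw_span s = { 0, 0 };
    int rc = normalize_unicode_plaintext_pw(field, sizeof field, 4, &s);
    printf("rc=%d off=%zu len=%zu\n", rc, s.off, s.len);
}
```

A password whose first character has a zero low byte (for example U+0100) also begins with 0x00 in UTF-16LE, so rule 1 cannot tell it apart from a pad byte.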