(resend - smaller version) BUG: encrypt passwords=no,security=user, samba 2.2.8, W2K user auth fails

tony shepherd tony.shepherd at sun.com
Wed Mar 26 21:27:01 GMT 2003


This is a re-send of the report I sent yesterday that was held up because 
it was too large.  I have compressed the attachments to make it more 
acceptable :).  I also fixed a typo in the subject line...

-----

folks

**
I am not on this mail list.  Can all replies please be Cc'ed to me as well.
**

I have come across the following bug using samba 2.2.8 (in the throes of 
upgrading from 2.0.10 to fix security vul).

I discovered this bug using a W2K system; it was not present when testing 
with win98.  I am running the samba server on a solaris 9 system.

I am using "encrypt passwords = no" and "security=user" and using the Unix 
passwords for authentication.  Registry modifications have been made to the 
windows system.

To replicate the bug, I do the following:

* log onto w2k system as user ts74081, passwd: fred
* try and open the share: \\huey\ts74081.  As my password is different 
between the windows system and the samba server, it prompts me for a 
username/password pair.  I give the correct values but I still get rejected.
* I then try to access the share as a different user (one that does not 
exist on the system):  username fred, passwd fred.  Naturally it fails.
* I then try again with the proper username/password pair and I get 
authenticated correctly and the share is made available.


If I do not try and authenticate as a different user before retrying with 
the proper username, it will continue to fail to authenticate.

I have attached debug 3 logs of the above scenario as well as the smb.conf 
I am using.

If I change the security parameter to "security=share", the above bug does 
not show itself.


thanks

tony
-------------- next part --------------
A non-text attachment was scrubbed...
Name: log.smbd.gz
Type: application/octet-stream
Size: 6455 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20030327/7f363f20/log.smbd.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smb.conf
Type: application/octet-stream
Size: 1307 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20030327/7f363f20/smb.obj

