encrypt passwords=no, security=yes, samba 2.2.8, W2K user aut h fails

MCCALL,DON (HP-USA,ex1) don_mccall at hp.com
Thu Mar 27 15:06:08 GMT 2003 

Hi tony,
based on your log file, it sure does APPEAR that you have NOT turned off
encrypted passwords,
as samba is trying to open /usr/local/samba/private/smbpasswd.  It should
only do that if it negotiated encrypted passwords in the negot prot call,
which it should only be able to do if encrypted passwords is set to yes.

I note that you are including ANOTHER smb.conf file at the end of your
global section; please check there and see if you have an encrypt passwords
= yes, and/or include the contents of that smb.conf file as well in your
next message to the list, ok?
	include=/etc/sfw/local-smb.conf
> -----Original Message-----
> From: tony shepherd [mailto:tony.shepherd at sun.com]
> Sent: Tuesday, March 25, 2003 21:31
> To: samba-technical at samba.org
> Cc: tony.shepherd
> Subject: BUG: encrypt passwords=no, security=yes, samba 
> 2.2.8, W2K user
> auth fails
> 
> 
> folks
> 
> **
> I am not on this mail list.  Can all replied please be Cc'ed 
> to me as well.
> **
> 
> I have come across the following bug using samba 2.2.8 (in 
> the throws of 
> upgrading from 2.0.10 to fix security vul).
> 
> I discovered this bug using a W2K system; it was not present 
> when testing 
> with win98.  I am running the samba server on a solaris 9 system.
> 
> I am using "encrypt passwords = no" and "security=user" and 
> using the Unix 
> passwords for authentication.  Registry modification have 
> been made to the 
> windows system.
> 
> To replicate the bug, I do the following:
> 
> * log onto w2k system as user ts74081, passwd: fred
> * try and open the share: \\huey\ts74081.  As my password is 
> different 
> between the windows system and the samba server, it prompts me for a 
> username/password pair.  I give the correct values but I 
> still get rejected.
> * I then try to access the share as a different user (one 
> that does not 
> exist on the system):  username fred, passwd fred.  Naturally 
> it fails.
> * I then try again with the proper username/password pair and I get 
> authenticated correctly and the share is made available.
> 
> 
> If I do not try and authenticate as a different user before 
> retrying with 
> the proper username, it will continue to fail to authenticate.
> 
> I have attached debug 3 logs of the above scenario as well as 
> the smb.conf 
> I am using.
> 
> If I change the security parameter to "security=share", the 
> above bug does 
> not show itself.
> 
> 
> thanks
> 
> tony
> 
>

More information about the samba-technical mailing list