encrypt passwords=no, security=yes, samba 2.2.8, W2K user aut
h fails
MCCALL,DON (HP-USA,ex1)
don_mccall at hp.com
Thu Mar 27 15:06:08 GMT 2003
Hi tony,
based on your log file, it sure does APPEAR that you have NOT turned off
encrypted passwords,
as samba is trying to open /usr/local/samba/private/smbpasswd. It should
only do that if it negotiated encrypted passwords in the negot prot call,
which it should only be able to do if encrypted passwords is set to yes.
I note that you are including ANOTHER smb.conf file at the end of your
global section; please check there and see if you have an encrypt passwords
= yes, and/or include the contents of that smb.conf file as well in your
next message to the list, ok?
include=/etc/sfw/local-smb.conf
> -----Original Message-----
> From: tony shepherd [mailto:tony.shepherd at sun.com]
> Sent: Tuesday, March 25, 2003 21:31
> To: samba-technical at samba.org
> Cc: tony.shepherd
> Subject: BUG: encrypt passwords=no, security=yes, samba
> 2.2.8, W2K user
> auth fails
>
>
> folks
>
> **
> I am not on this mail list. Can all replied please be Cc'ed
> to me as well.
> **
>
> I have come across the following bug using samba 2.2.8 (in
> the throws of
> upgrading from 2.0.10 to fix security vul).
>
> I discovered this bug using a W2K system; it was not present
> when testing
> with win98. I am running the samba server on a solaris 9 system.
>
> I am using "encrypt passwords = no" and "security=user" and
> using the Unix
> passwords for authentication. Registry modification have
> been made to the
> windows system.
>
> To replicate the bug, I do the following:
>
> * log onto w2k system as user ts74081, passwd: fred
> * try and open the share: \\huey\ts74081. As my password is
> different
> between the windows system and the samba server, it prompts me for a
> username/password pair. I give the correct values but I
> still get rejected.
> * I then try to access the share as a different user (one
> that does not
> exist on the system): username fred, passwd fred. Naturally
> it fails.
> * I then try again with the proper username/password pair and I get
> authenticated correctly and the share is made available.
>
>
> If I do not try and authenticate as a different user before
> retrying with
> the proper username, it will continue to fail to authenticate.
>
> I have attached debug 3 logs of the above scenario as well as
> the smb.conf
> I am using.
>
> If I change the security parameter to "security=share", the
> above bug does
> not show itself.
>
>
> thanks
>
> tony
>
>
More information about the samba-technical
mailing list