encrypt passwords=no, security=yes, samba 2.2.8, W2K user auth fails

tony shepherd tony.shepherd at sun.com
Fri Mar 28 04:31:13 GMT 2003



--On Thursday, March 27, 2003 10:06:08 AM -0500 "MCCALL,DON (HP-USA,ex1)" 
<don_mccall at hp.com> wrote:

> Hi tony,
> based on your log file, it sure does APPEAR that you have NOT turned off
> encrypted passwords,
> as samba is trying to open /usr/local/samba/private/smbpasswd.  It should
> only do that if it negotiated encrypted passwords in the negot prot call,
> which it should only be able to do if encrypted passwords is set to yes.
>
> I note that you are including ANOTHER smb.conf file at the end of your
> global section; please check there and see if you have an encrypt
> passwords = yes, and/or include the contents of that smb.conf file as
> well in your next message to the list, ok?
> 	include=/etc/sfw/local-smb.conf

local-smb.conf is an empty file.   I don't have another encrypt passwords = 
yes anywhere in the config file.

What is weird is that I can eventually authenticate after I change the 
username I try to authenticate with and then change back again.

So, this looks like a bug?  I wonder whether it only affects Solaris 
systems.  I would have thought others would have fallen across it.

I can't code, but I can provide logs and testing.  Please let me know if I 
can help at all.

tony



>> -----Original Message-----
>> From: tony shepherd [mailto:tony.shepherd at sun.com]
>> Sent: Tuesday, March 25, 2003 21:31
>> To: samba-technical at samba.org
>> Cc: tony.shepherd
>> Subject: BUG: encrypt passwords=no, security=yes, samba
>> 2.2.8, W2K user
>> auth fails
>>
>>
>> folks
>>
>> **
>> I am not on this mail list.  Can all replies please be Cc'ed
>> to me as well.
>> **
>>
>> I have come across the following bug using samba 2.2.8 (in
>> the throes of
>> upgrading from 2.0.10 to fix security vul).
>>
>> I discovered this bug using a W2K system; it was not present
>> when testing
>> with win98.  I am running the samba server on a solaris 9 system.
>>
>> I am using "encrypt passwords = no" and "security=user" and
>> using the Unix
>> passwords for authentication.  Registry modifications have
>> been made to the
>> windows system.
>>
>> To replicate the bug, I do the following:
>>
>> * log onto w2k system as user ts74081, passwd: fred
>> * try and open the share: \\huey\ts74081.  As my password is
>> different
>> between the windows system and the samba server, it prompts me for a
>> username/password pair.  I give the correct values but I
>> still get rejected.
>> * I then try to access the share as a different user (one
>> that does not
>> exist on the system):  username fred, passwd fred.  Naturally
>> it fails.
>> * I then try again with the proper username/password pair and I get
>> authenticated correctly and the share is made available.
>>
>>
>> If I do not try and authenticate as a different user before
>> retrying with
>> the proper username, it will continue to fail to authenticate.
>>
>> I have attached debug 3 logs of the above scenario as well as
>> the smb.conf
>> I am using.
>>
>> If I change the security parameter to "security=share", the
>> above bug does
>> not show itself.
>>
>>
>> thanks
>>
>> tony
>>
>>
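
The check requested in the reply above (follow the include= line and find every place "encrypt passwords" is set), as an added example that is not part of the original thread or of Samba itself. It is a simplified smb.conf reader that assumes included files are read in place and that the last assignment read wins; the sample files are constructed.

```python
import os
import tempfile

def norm(name):
    # Parameter names are compared ignoring case and embedded whitespace.
    return "".join(name.split()).lower()

def trace_param(path, wanted, hits=None, state=None):
    """List (file, line, value) for each [global] setting of `wanted`,
    in the order it would be read, descending into include= files."""
    hits = [] if hits is None else hits
    state = state or {"section": "global", "active": set()}
    # Skip missing files (e.g. %-substituted names) and include loops.
    if path in state["active"] or not os.path.isfile(path):
        return hits
    state["active"].add(path)
    with open(path) as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line[0] in "#;":
                continue
            if line.startswith("[") and line.endswith("]"):
                state["section"] = line[1:-1].strip().lower()
            elif "=" in line:
                key, value = (p.strip() for p in line.split("=", 1))
                if norm(key) == "include":
                    trace_param(value, wanted, hits, state)
                elif state["section"] == "global" and norm(key) == norm(wanted):
                    hits.append((os.path.basename(path), lineno, value.lower()))
    state["active"].discard(path)
    return hits

def effective(hits):
    # Assumption: the last assignment read wins; None means "never set".
    return hits[-1][2] if hits else None

def demo():
    # Constructed sample files, not the poster's real configuration.
    d = tempfile.mkdtemp()
    inc = os.path.join(d, "local-smb.conf")
    main = os.path.join(d, "smb.conf")
    with open(inc, "w") as fh:
        fh.write("; site overrides\nEncrypt Passwords = Yes\n")
    with open(main, "w") as fh:
        fh.write("[global]\nsecurity = user\nencrypt passwords = no\n"
                 "include = %s\n[homes]\nbrowseable = no\n" % inc)
    return trace_param(main, "encrypt passwords")
```

With an empty include file, as reported in this message, only the main file's setting is listed and it remains the effective value.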



