Trouble authenticating with OfficeJet CIFS client
Bob Richmond
bob at lorez.org
Fri Jul 20 00:53:11 GMT 2007
Christopher R. Hertel wrote:
> Jeremy Allison wrote:
>> On Thu, Jul 19, 2007 at 04:57:12PM -0700, Bob Richmond wrote:
>>> Hmm, I see that now. So, what is the meaning of "User ID" in the context
>>> of the first sessionsetupX response for NTLMSSP_CHALLENGE, if the CIFS
>>> client hasn't yet specified the username it wants to authenticate as?
>> It's a placeholder. On Windows it becomes the eventual uid used, but
>> we allocate a new one. I'll look into fixing that.
>
> The [v]uid in the SMB header is not related to real user IDs as assigned by
> the OS. It is a token allocated by the server and associated with a login
> instance. There may be several valid authentications, all with different
> [v]uid's assigned, within the same session.
>
> Chris -)-----
Is there a performance or resource consumption ramification in not
deferring the allocation of the real vuid until after the authentication
succeeds? I imagine the rationale behind the current behavior is to
prevent unauthenticated clients from being able to get the server to
keep allocating uids (and associated state data) that aren't going to be
attached to active sessions. Is it legal after a failed authentication
to return the same uid to a new authentication attempt? Or does it have
to be a new id every time an attempt is made?
I'm intrigued. :)
More information about the samba-technical
mailing list