Trouble authenticating with OfficeJet CIFS client

Bob Richmond bob at lorez.org
Fri Jul 20 00:53:11 GMT 2007


Christopher R. Hertel wrote:

> Jeremy Allison wrote:
>> On Thu, Jul 19, 2007 at 04:57:12PM -0700, Bob Richmond wrote:
>>> Hmm, I see that now. So, what is the meaning of "User ID" in the context 
>>> of the first sessionsetupX response for NTLMSSP_CHALLENGE, if the CIFS 
>>> client hasn't yet specified the username it wants to authenticate as?
>> It's a placeholder. On Windows it becomes the eventual uid used, but
>> we allocate a new one. I'll look into fixing that.
>
> The [v]uid in the SMB header is not related to real user IDs as assigned by
> the OS.  It is a token allocated by the server and associated with a login
> instance.  There may be several valid authentications, all with different
> [v]uid's assigned, within the same session.
>
> Chris -)-----

Is there a performance or resource consumption ramification in not 
deferring the allocation of the real vuid until after the authentication 
succeeds? I imagine the rationale behind the current behavior is to 
prevent unauthenticated clients from being able to get the server to 
keep allocating uids (and associated state data) that aren't going to be 
attached to active sessions. Is it legal after a failed authentication 
to return the same uid to a new authentication attempt? Or does it have 
to be a new id every time an attempt is made?

I'm intrigued. :)
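
Added example, not part of the original post and not Samba's code: a toy per-connection vuid table modelling the concern raised above. It hands out a placeholder vuid on the first session setup leg, caps how many unauthenticated placeholders can exist at once, and releases the slot when authentication fails. The table size, the cap and all function names are assumptions; reusing a released slot is a choice of this model, not a statement about what the protocol permits.

```c
#include <stdint.h>

#define MAX_VUIDS    16   /* assumed per-connection table size */
#define MAX_PENDING  2    /* assumed cap on unauthenticated placeholders */
#define VUID_INVALID 0    /* 0 is reserved as "no vuid" in this model */

enum vuid_state { VUID_FREE = 0, VUID_PENDING, VUID_VALID };

struct vuid_table {
    enum vuid_state state[MAX_VUIDS];
    unsigned pending;     /* placeholders awaiting the final auth leg */
};

/* First session setup leg (NTLMSSP challenge): hand out a placeholder.
 * Refuses once MAX_PENDING half-open logins exist, so an unauthenticated
 * client cannot make the table grow without bound. */
uint16_t vuid_begin_auth(struct vuid_table *t)
{
    if (t->pending >= MAX_PENDING)
        return VUID_INVALID;
    for (uint16_t i = 0; i < MAX_VUIDS; i++) {
        if (t->state[i] == VUID_FREE) {
            t->state[i] = VUID_PENDING;
            t->pending++;
            return (uint16_t)(i + 1);
        }
    }
    return VUID_INVALID;  /* table full of valid logins */
}

/* Final leg: promote the placeholder on success, release it on failure.
 * Returns -1 for a vuid that is out of range or not pending. */
int vuid_finish_auth(struct vuid_table *t, uint16_t vuid, int auth_ok)
{
    if (vuid == VUID_INVALID || vuid > MAX_VUIDS)
        return -1;
    if (t->state[vuid - 1] != VUID_PENDING)
        return -1;
    t->state[vuid - 1] = auth_ok ? VUID_VALID : VUID_FREE;
    t->pending--;
    return 0;
}

/* Number of slots currently in the given state. */
unsigned vuid_count(const struct vuid_table *t, enum vuid_state s)
{
    unsigned n = 0;
    for (int i = 0; i < MAX_VUIDS; i++)
        n += (t->state[i] == s);
    return n;
}
```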


More information about the samba-technical mailing list