password rejected with security=server
reniers at natlab.research.philips.com
reniers at natlab.research.philips.com
Fri Nov 28 14:32:30 GMT 1997
We use security=server and we discovered that sometimes, although the
password is correct, we received a message from our NT domaincontroller
that the password was incorrect. This happens with samba version 1.9.17p4.
It didn't occure with version 1.9.16p11.
We looked at the code in reply.c and we think there is a bug.
Our PC's ( NT4 and W95 ) send encrypted passwords. If you look into reply.c
( line 458 ), you see that there is a StrnCpy from the password, followed
by a strlen. Since the password is NOT plain text, this is not allowed.
We assume it drops into the wrong part of routine "reply_sesssetup_and_X".
We changed line 434 from
if(doencrypt )
into
if(doencrypt || passlen1 == 24)
I don't know if this is correct in all cases, but it seems to solve our
problem.
Eddy Reniers
-----------------
Reniers, ing. C.M.E.
Philips Research Laboratories
Building WY p 023, Prof. Holstlaan 4, 5656 AA Eindhoven, The Netherlands
Phone: +31-40-2744327
E-mail: reniers at natlab.research.philips.com
More information about the samba
mailing list