password server (PR#1028)

Andrew Tridgell samba-bugs at
Wed Oct 22 00:24:40 GMT 1997

> ...
> BUT every time a connection is attemptesd I see the following messages
> logged:
> negprot w/password server as 2625merou
> rejected the session
> not connected
> WHY is requin refusing the password verification connection from the
> HP-UX box? How can I get the passwords verified by the WindowsNT
> (requin) server so that I dont have to keep smbpasswd up to date?
> Incidentally is a BDC - does that matter?

The reason it is failing is that is not a netbios name.
The NT box is refusing the Netbios session request because it doesn't
know the name that it is being called. 

You could just use "password server = requin" instead, and possibly
add requin to /etc/hosts if it can`t be resolved without the full name.

You would be much better off upgrading to 1.9.17p4. I rewrote the password
server code for p4 and one of the things I changed was to check for a .
in the name and take the part before the first . as the netbios name. This
is consistent with what smbclient does.

The new code is also a lot cleaner and also fixes a potential security hole
if your NT server is misconfigured (some NT servers were accepting 
session setup connections with any password on unknown usernames and not
setting the guest bit in the reply). The new code does a full 
NetWkstaUserLogon to verify that the password server really meant yes
when it said yes.


More information about the samba mailing list