DOS Client and Basic Redirector and security=user

mac at nibsc.ac.uk mac at nibsc.ac.uk
Thu Oct 30 20:22:21 GMT 1997


Hi all  (again)     (yuck, following up your own posting...)


[Basic problem is that  'Basic Redirector' of MS Network Client 3.0 for
DOS won't work with Samba in 'security=user' mode, whereas the 'Full
Redirector' will.  'security=share' mode is O.K.]


Having posted previous message, I've hacked my password.c to log the actual
password string sent by the client at debug level 4.  Leathal to security,
I know.


It turns out that the MS Network Client for DOS Basic Redirector _always_
sends a 24 byte password.  So, I guessed at encryption, got 'libdes',
recompiled my smbd (again), found a 'spare' Silicon Graphics server and
installed Encryption on it.  (ENCRYPTION.txt is very good).


This makes it work!!!!!

I can now use the Basic redirector with Samba in 'security=user' mode.

Obvioulsy I now have the headache of maintaing an 'smbpasswd' file as well
as a /etc/passwd file, although I think populating it will be easier now I
have smbd logging every client's passwords!



Only one gripe (other than the 'Basic' redirector not doing plain-text
passwords of course) is that there's no way for Samba to take the encrypted
string it's been sent, deduce the plain text password, and try that as
well.  Is there?



		Happy landings,


                               Mac
          Assistant Systems Adminstrator @nibsc.ac.uk

   Work: +44 1707 654753 x 285     Everything else: +44 956 237670 (anytime)



More information about the samba mailing list