samba error message - "broken (and insecure) behavior"
Jim Watt
jimw at pe-nelson.com
Mon Aug 31 19:55:44 GMT 1998
I've seen error messages about this since we installed 1.9.18p10 of samba,
so I went looking in the code for the context.
Here (from password.c) is the context:
/*
* Attempt a session setup with a totally incorrect password.
* If this succeeds with the guest bit *NOT* set then the password
* server is broken and is not correctly setting the guest bit. We
* need to detect this as some versions of NT4.x are broken. JRA.
*/
if (cli_session_setup(&cli, user, (char *)badpass, sizeof(badpass),
(char *)badpass, sizeof(badpass), domain)) {
if ((SVAL(cli.inbuf,smb_vwv2) & 1) == 0) {
DEBUG(0,("server_validate: password server %s allows users as non-guest \
with a bad password.\n", cli.desthost));
DEBUG(0,("server_validate: This is broken (and insecure) behaviour. Please do not \
use this machine as the password server.\n"));
cli_ulogoff(&cli);
return False;
}
cli_ulogoff(&cli);
}
WHAT versions of NT4 have this problem? Obviously, we have one!
Jim
--
Jim Watt jimw at PE-Nelson.COM
Perkin-Elmer Corporation Voice (desk): +1 408 577 2228
PE-Nelson Division Fax: +1 408 894 9307
3833 North First Street Voice (main): +1 408 577 2200
San Jose CA 95134-1701
More information about the samba
mailing list