Passwd case problem

Simon Hyde shyde at poboxes.com
Thu Feb 12 19:37:32 GMT 1998 

On Fri, 13 Feb 1998 05:26:02 +1100, you wrote:

>I'm sure this is covered in some doc somewhere, but I have not been able
>to find it. Anyways, I have 1.9.17 running on a SS10/Solaris 2.6. The
>smb.conf is attached at the end of this message. 
>
>Anyways, I need Samba to allow domain logons from Win95 clients, via the
>NIS database on the Sun. We're not doing anything especially tricky, I
>just want the users home directory to mount and for them to be able to
>cancel their print jobs. 
>
>Everything works great IF the user has an all lowercase passwd, 
>e.g. 'passwd'. Numeric characters are also fine.
>
>However, if the passwd contains ANY uppercase characters, 
>e.g. 'PassWd', I get "The domain passwd you supplied is not correct or
>your access to the logon server has been refused". This fails from both
>Win95 OSRA and OSRB clients.
>
>Any ideas or pointers to the docs which I missed would be appreciated.

   password level (G)
Some client/server combinations have difficulty with mixed-case passwords.
One  offending  client  is  Windows  for Workgroups, which for some reason
forces passwords to upper case when using the LANMAN1 protocol, but leaves
them alone when using COREPLUS!

This  parameter defines the maximum number of characters that may be upper
case in passwords.

For example, say the password given was "FRED". If password level  is  set
to  1  (one),  the following combinations would be tried if "FRED" failed:
"Fred", "fred", "fRed", "frEd", "freD". If password level  was  set  to  2
(two),  the  following  combinations  would also be tried: "FRed", "FrEd",
"FreD", "fREd", "fReD", "frED". And so on.

The higher value this parameter is set to the more likely  it  is  that  a
mixed  case  password will be matched against a single case password. How-
ever, you should be aware that use of this parameter reduces security  and
increases the time taken to process a new connection.

A  value of zero will cause only two attempts to be made - the password as
is and the password in all-lower case.

If you find the connections are taking too long with this option then  you
probably  have  a  slow  crypt() routine. Samba now comes with a fast "ufc
crypt" that you can select in the Makefile. You should also make sure  the
PASSWORD_LENGTH   option  is  correct  for  your  system  in  local.h  and
includes.h. On most systems only the first 8 chars of a password are  sig-
nificant  so PASSWORD_LENGTH should be 8, but on some longer passwords are
significant. The includes.h file tries to select the right length for your
system.

Default:
     password level = 0

Example:
     password level = 4

Simon Hyde

-----------------------------------------------------------
With a PC, I always felt limited by the software available.
On Unix, I am limited only by my knowledge.

More information about the samba mailing list