disable "fake" samba authentication error messages

Luke Kenneth Casson Leighton lkcl at switchboard.net
Fri Jul 3 14:41:03 GMT 1998


On Thu, 2 Jul 1998, Andrew Morgan wrote:

> Luke Kenneth Casson Leighton writes:
> > > 
> > > On Thu, 2 Jul 1998, Urs Rau wrote:
> > > 
> > > > What bothers me is that samba is filling up my log files with a lot of 
> > > > extraneous/fake entries about authentication failures. "Extraneous/fake" - 
> > > > because all it is is a reflection of the way the protocol actually tries to login - 
> > > > going through the upper/lower case mutations as configured.
> > 
> > This is due to the Windows machines forcing the password to be uppercased.
> > A cracking algorithm is applied, which can be short-circuited by asking
> > your users to only use lower case letters in passwords.  This will still
> > allow numbers and non-numeric characters but may still not satisfy the
> > truly paranoid.
> > 
> > The alternative is to use encrypted passwords, and maintain the UNIX and
> > NT / LM password databases seperately: there are tools to do this.
> 
> This may be eliminated if it is possible to get samba to work like this:
> 
> conv(..., app_data)
> {
> 	/* use app_data to indicate how many times we've been called */
> 	if ( first_time ) {
> 		return string_as_typed

Like I said, string_as_typed is not available: it is the windows client
that is passing the password upper cased, over which you have no control,
forcing the use of a cracking algorithm. 




More information about the samba mailing list