disable "fake" samba authentication error messages
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Fri Jul 3 14:41:03 GMT 1998
On Thu, 2 Jul 1998, Andrew Morgan wrote:
> Luke Kenneth Casson Leighton writes:
> > >
> > > On Thu, 2 Jul 1998, Urs Rau wrote:
> > >
> > > > What bothers me is that samba is filling up my log files with a lot of
> > > > extraneous/fake entries about authentication failures. "Extraneous/fake" -
> > > > because all it is is a reflection of the way the protocol actually tries to login -
> > > > going through the upper/lower case mutations as configured.
> >
> > This is due to the Windows machines forcing the password to be uppercased.
> > A cracking algorithm is applied, which can be short-circuited by asking
> > your users to only use lower case letters in passwords. This will still
> > allow numbers and non-numeric characters but may still not satisfy the
> > truly paranoid.
> >
> > The alternative is to use encrypted passwords, and maintain the UNIX and
> > NT / LM password databases seperately: there are tools to do this.
>
> This may be eliminated if it is possible to get samba to work like this:
>
> conv(..., app_data)
> {
> /* use app_data to indicate how many times we've been called */
> if ( first_time ) {
> return string_as_typed
Like I said, string_as_typed is not available: it is the windows client
that is passing the password upper cased, over which you have no control,
forcing the use of a cracking algorithm.
More information about the samba
mailing list