server allows users as non-guest with bad password
David Collier-Brown - Sun Canada
davecb at scot.canada.sun.com
Mon Apr 3 17:23:37 GMT 2000
Michael wrote:
| occasionally Samba will not let a certain user connect, saying
| the password is incorrect (even though it is correct). [...]
| I get the following error message in my log.smb when this happens
| (IP address below is fake):
|
| [2000/04/03 12:09:22, 0] smbd/password.c:(1118)
| server_validate: [1] password server 123.45.67.89 allows users as
| non-guest with a bad password.
| [2000/04/03 12:09:22, 0] smbd/password.c:(1120)
| server_validate: [1] This is broken (and insecure) behaviour. Please do
| not use this machine as the password server.
Oy veh!
My leaky memory says this is a problem from a while ago
in which NT returns a "success" indication despite the
user mistyping their password. This is A Bad Thing, and
Samba would prefer to authenticate with servers who don't
do that.
If the user's passwords are actually correct (eg, they come
straight from a .pwl file), then NT is befuddled. If not,
NT is trying to befuddle Samba (;-)) In either case, snooping
the packets may tell us what to do about it...
In the meantime, do you have any other machine to play
authentication server?
--dave
--
David Collier-Brown in Boston
Phone: (781) 442-0734, Room BUR03-3632
More information about the samba
mailing list