server allows users as non-guest with bad password

David Collier-Brown - Sun Canada davecb at scot.canada.sun.com
Mon Apr 3 17:23:37 GMT 2000


Michael wrote:
| occasionally Samba will not let a certain user connect, saying
| the password is incorrect (even though it is correct).  [...]
| I get the following error message in my log.smb when this happens
| (IP address below is fake):
| 
| [2000/04/03 12:09:22, 0] smbd/password.c:(1118)
|	server_validate: [1] password server 123.45.67.89 allows users as
|	non-guest with a bad password.
| [2000/04/03 12:09:22, 0] smbd/password.c:(1120)
|	server_validate: [1] This is broken (and insecure) behaviour. Please do
|	not use this machine as the password server.

	Oy veh!
	My leaky memory says this is a problem from a while ago
	in which NT returns a "success" indication despite the
	user mistyping their password. This is A Bad Thing, and
	Samba would prefer to authenticate with servers who don't
	do that.
	
	If the user's passwords are actually correct (eg, they come
	straight from a .pwl file), then NT is befuddled.  If not,
	NT is trying to befuddle Samba (;-)) In either case, snooping
	the packets may tell us what to do about it...
	
	In the meantime, do you have any other machine to play
	authentication server?
	
--dave
--
David Collier-Brown in Boston
Phone: (781) 442-0734, Room BUR03-3632



More information about the samba mailing list