[Samba] Clear text authentication impossible???

Jeremy Allison jra at samba.org
Fri Oct 24 01:19:25 GMT 2003


On Thu, Oct 23, 2003 at 08:51:09AM +1000, Andrew Bartlett wrote:
> On Thu, 2003-10-23 at 05:16, Jeremy Allison wrote:
> > On Wed, Oct 22, 2003 at 03:27:31PM +0200, Beschorner Daniel wrote:
> > > We have an Exchange 5.5 server in our Samba 3 domain und want to have POP3
> > > access with clear text authentication from clients.
> > > But no kind of credentials is accepted.
> > > 
> > > It did a level 10 log on the Samba server and found my clear text password
> > > in the log (in nt_chal_resp and lm_chal_resp fields) during authentication.
> > > 
> > > Is it possible that Samba can't handle the clear-text pass-through from
> > > POP3-Client per Exchange server and takes it for NTLMv2 challenge????
> > 
> > Can you post the debug level 10 log please (obfuscate all passwords of course :-).
> 
> I picked this one up at the end of last week.   I never got it into CVS,
> because I didn't have the setup to test it.  (And I wanted to clean it
> up a bit, we should also handle the 'interactive' login in a similar
> way, and possibly 'ascii' passwords against the LM hash).
> 
> Thanks to Fabien Chevalier for providing the information that made
> fixing this so easy.

I've committed a varient of this. Andrew can you please check for
correctness ?

Thanks,

	Jeremy.



More information about the samba mailing list