[Samba] windows password longer than 8 chars will not work

Andrew Bartlett abartlet at samba.org
Sun May 2 01:12:34 GMT 2004 

On Sun, 2004-05-02 at 09:09, Tony Wallace wrote:
> Hello,, 
> 
> Is there anything I can do to our Samba servers to make Windows
> passwords longer than 8 characters work?  Thanks.
> 
> Our Samba servers use SERVER security, and authenticate against the
> same
> Windows 2K logon server (PDC) that serves all our Windows 2K & XP
> desktops.  Any of us with a Windows network password less than or equal
> to 8 characters long can mount the Samba shares seamlessly, just like
> any Windows file server.  However, if you set your Windows password
> longer than 8 characters, Samba authentication always fails.  
> 
> In general, we know that both Windows and Samba can use longer
> passwords-  the problem occurs when the Windows desktop client tries to
> initiate a connection to the Samba server. Passwords longer than 8 just
> don't get transferred correctly from client to server, or so it seems. 

While probably unreated to your issue, you should move to
'security=domain', due to the numerous other known issues with
'security=server'.

Have you tried connecting directly to the 'password server'?  Samba
simply passes on the 24 byte authentication response on to that server,
and doesn't care too much what is inside it.  

As the password is hashed first with MD4 (normally) there is nothing
special about longer/shorter passwords.  Even the DES hash has it's
internal breakup at 7 and a limit 14, so that's not the issue.

So, it's an issues with the 'password server':

What is the password server running?  What did you use to set the
password on that server?

If the password server is Samba, are you sure you have not used a buggy
'getpass()' function when reading passwords in on that system (well
known to cut passwords off at 8 chars).  Samba will attempt to replace
this function, but I suppose it's possible that the configure magic
might not have fired correctly.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040502/96ac25f7/attachment.bin

More information about the samba mailing list