[Samba] Samba 4 empty password
Andrew Bartlett
abartlet at samba.org
Wed Aug 7 23:30:12 MDT 2013
On Wed, 2013-08-07 at 13:56 +0000, Fink Oliver wrote:
> Hello,
>
> We are trying to setup a SAMBA-Server with users that have empty passwords.
>
> We are using:
> Samba 4.0.8
> Kernel 3.10.5
> Slackware 14.0 x64
>
> When we set a password the login successes!
>
> That's what we get when trying to login:
> Kerberos: Looking for ENC-TS pa-data -- media1 at BC
> [2013/08/07 13:31:46, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Failed to decrypt PA-DATA -- media1 at BC (enctype aes256-cts-hmac-sha1-96) error Decrypt integrity check failed for checksum type hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96
> [2013/08/07 13:31:46, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Failed to decrypt PA-DATA -- media1 at BC
This means the KDC had a different hash to the one the user encrypted the time with.
Aside from the flag 'ACB_NOPWREQ' (which does *not* mean no password
required, it actually means no password requirements, ie no minimum
length), the KDC doesn't know the length (even zero length) of the
password, it just performs calculations based on the stored hash.
How did you set the 'empty' password in Samba?
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz
More information about the samba
mailing list