[Samba] Samba 4 empty password

Fink Oliver oliver.fink at ak-vorarlberg.at
Thu Aug 8 05:32:23 MDT 2013

Hello Andrew,

Thanks for your reply.

We did try with following settings:


               null passwords = Yes

        minimum password lenght set to 0

We set the password over a Windows 7 client.

Thanks a lot


>>  Kerberos: Looking for ENC-TS pa-data -- media1 at BC

>> [2013/08/07 13:31:46,  3]

>> ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)

>>   Kerberos: Failed to decrypt PA-DATA -- media1 at BC (enctype

>> aes256-cts-hmac-sha1-96) error Decrypt integrity check failed for checksum

>> type hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96

>> [2013/08/07 13:31:46,  3]

>> ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)

>>   Kerberos: Failed to decrypt PA-DATA -- media1 at BC

>This means the KDC had a different hash to the one the user encrypted the time


>Aside from the flag 'ACB_NOPWREQ' (which does *not* mean no password

>required, it actually means no password requirements, ie no minimum

>length), the KDC doesn't know the length (even zero length) of the

>password, it just performs calculations based on the stored hash.

>How did you set the 'empty' password in Samba?

>Andrew Bartlett


Andrew Bartlett


Authentication Developer, Samba Team           http://samba.org

Samba Developer, Catalyst IT                   http://catalyst.net.nz


To unsubscribe from this list go to the following URL and read the

instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list