Encrypted password support fails
Steve Holstead
Steve.Holstead at ualberta.ca
Thu Oct 31 22:09:00 GMT 2002
Thanks for the info Andrew. I guess this brings up a couple of other
questions. I hope you don't mind.
The current samba 2.X seems to use the "unicode" password and checks to
see if it is a NT,LM, or cleartext solution. Is this the case? If so, what
is the purpose of the "ansi" 24 char password?
Now that ntlm v2 is here, does this mean we will have a database with 3
different sets of credentials?
On Thu, 31 Oct 2002, Andrew Bartlett wrote:
> Steve Holstead wrote:
> >
> > I am running samba 2.2.4 on AIX 4.3.3.
> >
> > I am having a little problem with encrypted password support. Most of
> > my client machines will connect okay. However, I have a couple of
> > machines (win2000) that fail at logon time. I ran a tcpdump and had a look
> > at what was happening....
> >
> > Negotiate protocol response says we'll talk at > lanman2.1
> >
> > Tree Connect AndX Request says here is my:
> > ANSI password of length 24
> > and
> > Unicode password of length 106
> >
> > Tree Connect AndX Response says "invalid password"
> >
> > All my successful clients have a ANSI and Unicode passwd len of 24. Does anyone know what would cause a win2000 client to send me a password of
> > 106?
>
> That's NTLMv2, which Samba 2.2 does not support. It is configured
> either by system policy, or the LMcomatiblityLevel Registry setting.
> (MS has some docs on it in the KB).
>
> Samba 3.0 has support for this, but I need to double-check our NTLMSSP
> implementation (some things changed there that I may have broken it).
>
> Andrew Bartlett
>
> --
> Andrew Bartlett abartlet at pcug.org.au
> Manager, Authentication Subsystems, Samba Team abartlet at samba.org
> Student Network Administrator, Hawker College abartlet at hawkerc.net
> http://samba.org http://build.samba.org http://hawkerc.net
>
More information about the samba-technical
mailing list