Re: [Samba] windows password longer than 8 chars will not work
--- Andrew Bartlett [EMAIL PROTECTED] wrote: On Sun, 2004-05-02 at 09:09, Tony Wallace wrote: Hello,, Is there anything I can do to our Samba servers to make Windows passwords longer than 8 characters work? Thanks. Our Samba servers use SERVER security, and authenticate against the same Windows 2K logon server (PDC) that serves all our Windows 2K XP desktops. Any of us with a Windows network password less than or equal to 8 characters long can mount the Samba shares seamlessly, just like any Windows file server. However, if you set your Windows password longer than 8 characters, Samba authentication always fails. In general, we know that both Windows and Samba can use longer passwords- the problem occurs when the Windows desktop client tries to initiate a connection to the Samba server. Passwords longer than 8 just don't get transferred correctly from client to server, or so it seems. While probably unreated to your issue, you should move to 'security=domain', due to the numerous other known issues with 'security=server'. Have you tried connecting directly to the 'password server'? Samba simply passes on the 24 byte authentication response on to that server, and doesn't care too much what is inside it. As the password is hashed first with MD4 (normally) there is nothing special about longer/shorter passwords. Even the DES hash has it's internal breakup at 7 and a limit 14, so that's not the issue. So, it's an issues with the 'password server': What is the password server running? What did you use to set the password on that server? If the password server is Samba, are you sure you have not used a buggy 'getpass()' function when reading passwords in on that system (well known to cut passwords off at 8 chars). Samba will attempt to replace this function, but I suppose it's possible that the configure magic might not have fired correctly. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net ATTACHMENT part 2 application/pgp-signature name=signature.asc - Andrew, thank you for replying. Have you tried connecting directly to the 'password server'? Yes, the password server is also a Windows file server, and we connect to it frequently- that is, we mount shares on our Windows desktops. Never had any problem w/ long passwords in that context. What is the password server running? What did you use to set the password on that server? The password server is Windows NT. It is the PDC of the domain that holds all our personal Windows network logins. Each individual user sets/resets their own Windows password via their Windows desktop, in the usual Windows way. One of our Samba systems was run with SECURITY=user instead of SECURITY=server for several months. No Windows passwd server. Smbpasswd would accept a longer-than-8 pw when run from the Unix cmdline- but you still could not get a Windows client connection authenticated until you changed your Samba pw (using smbpasswd) to 8 chars or less. The longer-than-8 Windows pw fails only when Win 2K or XP desktops try to connect to the Samba servers. The longer pw works fine in every other respect- on the Windows network, on Solaris, and in smbpasswd. Thanks again- Tony __ Do you Yahoo!? Win a $20,000 Career Makeover at Yahoo! HotJobs http://hotjobs.sweepstakes.yahoo.com/careermakeover -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] windows password longer than 8 chars will not work
Hello,, Is there anything I can do to our Samba servers to make Windows passwords longer than 8 characters work? Thanks. Our Samba servers use SERVER security, and authenticate against the same Windows 2K logon server (PDC) that serves all our Windows 2K XP desktops. Any of us with a Windows network password less than or equal to 8 characters long can mount the Samba shares seamlessly, just like any Windows file server. However, if you set your Windows password longer than 8 characters, Samba authentication always fails. In general, we know that both Windows and Samba can use longer passwords- the problem occurs when the Windows desktop client tries to initiate a connection to the Samba server. Passwords longer than 8 just don't get transferred correctly from client to server, or so it seems. Samba server details below- Solaris 8/ SPARC /usr/local/samba/bin/smbd -V Version 2.2.8a (from sunfreeware.com) [global] workgroup = ECOMMERCE netbios name = PHANTOM2 security = SERVER encrypt passwords = Yes password server = ben_or_pdc passwd program = /usr/bin/passwd %u username map = /usr/local/samba/private/users.map log level = 2 log file = /usr/local/samba/var/logs/log:%m:%I max log size = 100 debug pid = Yes debug uid = Yes load printers = No preferred master = No local master = No domain master = No dns proxy = No wins server = 206.67.210.5 hosts allow = 127.0.0.1,206.67.210.,192.168.53.,10.222.7.,10.222.8. case sensitive = Yes map archive = No Tony __ Do you Yahoo!? Win a $20,000 Career Makeover at Yahoo! HotJobs http://hotjobs.sweepstakes.yahoo.com/careermakeover -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] windows password longer than 8 chars will not work
On Sun, 2004-05-02 at 09:09, Tony Wallace wrote: Hello,, Is there anything I can do to our Samba servers to make Windows passwords longer than 8 characters work? Thanks. Our Samba servers use SERVER security, and authenticate against the same Windows 2K logon server (PDC) that serves all our Windows 2K XP desktops. Any of us with a Windows network password less than or equal to 8 characters long can mount the Samba shares seamlessly, just like any Windows file server. However, if you set your Windows password longer than 8 characters, Samba authentication always fails. In general, we know that both Windows and Samba can use longer passwords- the problem occurs when the Windows desktop client tries to initiate a connection to the Samba server. Passwords longer than 8 just don't get transferred correctly from client to server, or so it seems. While probably unreated to your issue, you should move to 'security=domain', due to the numerous other known issues with 'security=server'. Have you tried connecting directly to the 'password server'? Samba simply passes on the 24 byte authentication response on to that server, and doesn't care too much what is inside it. As the password is hashed first with MD4 (normally) there is nothing special about longer/shorter passwords. Even the DES hash has it's internal breakup at 7 and a limit 14, so that's not the issue. So, it's an issues with the 'password server': What is the password server running? What did you use to set the password on that server? If the password server is Samba, are you sure you have not used a buggy 'getpass()' function when reading passwords in on that system (well known to cut passwords off at 8 chars). Samba will attempt to replace this function, but I suppose it's possible that the configure magic might not have fired correctly. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
