On Sun, 2004-05-02 at 09:09, Tony Wallace wrote: > Hello,, > > Is there anything I can do to our Samba servers to make Windows > passwords longer than 8 characters work? Thanks. > > Our Samba servers use SERVER security, and authenticate against the > same > Windows 2K logon server (PDC) that serves all our Windows 2K & XP > desktops. Any of us with a Windows network password less than or equal > to 8 characters long can mount the Samba shares seamlessly, just like > any Windows file server. However, if you set your Windows password > longer than 8 characters, Samba authentication always fails. > > In general, we know that both Windows and Samba can use longer > passwords- the problem occurs when the Windows desktop client tries to > initiate a connection to the Samba server. Passwords longer than 8 just > don't get transferred correctly from client to server, or so it seems.
While probably unreated to your issue, you should move to 'security=domain', due to the numerous other known issues with 'security=server'. Have you tried connecting directly to the 'password server'? Samba simply passes on the 24 byte authentication response on to that server, and doesn't care too much what is inside it. As the password is hashed first with MD4 (normally) there is nothing special about longer/shorter passwords. Even the DES hash has it's internal breakup at 7 and a limit 14, so that's not the issue. So, it's an issues with the 'password server': What is the password server running? What did you use to set the password on that server? If the password server is Samba, are you sure you have not used a buggy 'getpass()' function when reading passwords in on that system (well known to cut passwords off at 8 chars). Samba will attempt to replace this function, but I suppose it's possible that the configure magic might not have fired correctly. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
