Authenticating WinXP with Samba 3.0 CVS (plaintext) problem
I have a WinXP box that has plaintext password enabled. I have a Samba 3.0 CVS server that also does not use encrypted passwords (uses PAM). I cannot connect to shares from the WinXP box because apparantly the non-encrypted password is sent as the NT password, and nothing as the LM password. The protocol that was negotiated was NT LM 0.12. From the code, it seems that the Samba server believes that plaintext passwords should only be sent for the protocols PROTOCOL_NT1 (anything other than NT LM 0.12 or NT LANMAN 1.0). Has anyone else seen this? Am I missing something here? Getting WinXP to work with plaintext passwords is rather important for my setup. Kris -- Never underestimate a Mage with: - the Intelligence to cast Magic Missile, - the Constitution to survive the first hit, and - the Dexterity to run fast enough to avoid being hit a second time.
Re: Authenticating WinXP with Samba 3.0 CVS (plaintext) problem
On Wed, Feb 26, 2003 at 12:59:58PM -0500, Kris Van Hees wrote: I have a WinXP box that has plaintext password enabled. I have a Samba 3.0 CVS server that also does not use encrypted passwords (uses PAM). I cannot connect to shares from the WinXP box because apparantly the non-encrypted password is sent as the NT password, and nothing as the LM password. You mean that XP sends the plaintext password in the Unicode Password field? That's sick. Does it send it as ASCII or Unicode. The protocol that was negotiated was NT LM 0.12. That would be correct. From the code, it seems that the Samba server believes that plaintext passwords should only be sent for the protocols PROTOCOL_NT1 (anything other than NT LM 0.12 or NT LANMAN 1.0). No, Samba can handle plaintext just fine in the NT LM 0.12 dialect. It's just that Samba needs to know where to *find* the password. Plaintext passwords are always sent in the first password field (ASCII Password, or CaseInsensitivePassword, depending on which documentation you read). Has anyone else seen this? Am I missing something here? Getting WinXP to work with plaintext passwords is rather important for my setup. No, but I don't have an XP system available. I'd be interested in seeing the SessionSetupAndX from an Ethereal trace. Chris -)- -- Never underestimate a Mage with: - the Intelligence to cast Magic Missile, - the Constitution to survive the first hit, and - the Dexterity to run fast enough to avoid being hit a second time. I've got a fourth-level wombat teaser that's +4 on musk. -- Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED]
Re: Authenticating WinXP with Samba 3.0 CVS (plaintext) problem
On Wed, Feb 26, 2003 at 01:39:26PM -0600, Christopher R. Hertel wrote: On Wed, Feb 26, 2003 at 12:59:58PM -0500, Kris Van Hees wrote: I have a WinXP box that has plaintext password enabled. I have a Samba 3.0 CVS server that also does not use encrypted passwords (uses PAM). I cannot connect to shares from the WinXP box because apparantly the non-encrypted password is sent as the NT password, and nothing as the LM password. You mean that XP sends the plaintext password in the Unicode Password field? That's sick. Does it send it as ASCII or Unicode. That is correct, and it is in Unicode indeed (2 bytes per character). The protocol that was negotiated was NT LM 0.12. That would be correct. From the code, it seems that the Samba server believes that plaintext passwords should only be sent for the protocols PROTOCOL_NT1 (anything other than NT LM 0.12 or NT LANMAN 1.0). No, Samba can handle plaintext just fine in the NT LM 0.12 dialect. It's just that Samba needs to know where to *find* the password. Plaintext passwords are always sent in the first password field (ASCII Password, or CaseInsensitivePassword, depending on which documentation you read). Yup, and WinXP I guess is not playing nice in that sense. Has anyone else seen this? Am I missing something here? Getting WinXP to work with plaintext passwords is rather important for my setup. No, but I don't have an XP system available. I'd be interested in seeing the SessionSetupAndX from an Ethereal trace. Would a tcpdump of the dialogue also be acceptable? :) I can of course also send the samba.log and/or SMBtconX.* files etc... Kris
Re: Authenticating WinXP with Samba 3.0 CVS (plaintext) problem
On Wed, Feb 26, 2003 at 02:54:00PM -0500, Kris Van Hees wrote: On Wed, Feb 26, 2003 at 01:39:26PM -0600, Christopher R. Hertel wrote: On Wed, Feb 26, 2003 at 12:59:58PM -0500, Kris Van Hees wrote: I have a WinXP box that has plaintext password enabled. I have a Samba 3.0 CVS server that also does not use encrypted passwords (uses PAM). I cannot connect to shares from the WinXP box because apparantly the non-encrypted password is sent as the NT password, and nothing as the LM password. You mean that XP sends the plaintext password in the Unicode Password field? That's sick. Does it send it as ASCII or Unicode. That is correct, and it is in Unicode indeed (2 bytes per character). ...and there's no ASCII password? Unicode Plaintext is a very unusual combination. I have tested this combination before (Samba can be made to do it) but since we've never had anything to test against... Would a tcpdump of the dialogue also be acceptable? :) I can of course also send the samba.log and/or SMBtconX.* files etc... Tcpdump is perfect. :) Oh! ...but use a bogus password, or change the password after you've captured the data. I don't want your real auth data. :) Send directly to me, please. If anyone else on the Team wants a look I'll share. I may run it past a few other folks as well, and I would love to have the information for my book. Thanks! Chris -)- -- Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED]