Hi all,
I've trawled the Archives, and the documentation and failed to find
a definate answer to this one.
I've just installed the Microsoft Network Client v3.0 for MS-DOS.
When using the 'Basic Redirector' all connection attempts get refused,
error being invalid password (client error being number 86). This appears
to be wide-spread problem.
Documentation pointed to by the Smaba web-site comparing the various DOS
clients says that you have to use 'security=share' in order to get the
Basic Redirector to work. I can confirm that using 'security=user' and
the Basic Redirector does not work, and the using the Full Redirector does
work.
I've not yet had a chance to try the LAN Manger client, but I suspect the
same problem will occur.
A level 4 log of smb produced the following obvious discrepancy between a
Full Redirector and a Basic Redirector
Full
10/30/97 16:07:59 Transaction 2 of length 124
switch message SMBsesssetupX (pid 3239)
sesssetupX:name=[DMCCANN]
Checking password for user dmccann (l=6)
adding home directory dmccann at /users/dmccann
dmccann is in 3 groups
100 999 5005
uid 1110 registered to name dmccann
Basic
10/30/97 16:05:10 Transaction 2 of length 91
switch message SMBsesssetupX (pid 3236)
sesssetupX:name=[DMCCANN]
Checking password for user dmccann (l=24)
10/30/97 16:05:10 error packet at line 443 cmd=115 (SMBsesssetupX) eclass=2
ecode=2
error string = No such file or directory
end of file from client
Closing connections
Which appears to show a much shorter packet being sent by the Basic
Redirector, but containing a longer password (24 chars instead of the
expected 6).
I'm assuming it would be fairly trivial for a program moderately familiar
with Samba to include the actual password string in the debugging ouput.
Would this prove useful?
I'd be vrey appreciative of any light you might be able to shed on this
problem.
(FWIW, I'm running Samba 1.9.16p11 on SGI IRIX 5.3)
Mac
Assistant Systems Adminstrator @nibsc.ac.uk
Work: +44 1707 654753 x 285 Everything else: +44 956 237670 (anytime)
Hi all (again) (yuck, following up your own posting...)
[Basic problem is that 'Basic Redirector' of MS Network Client 3.0 for
DOS won't work with Samba in 'security=user' mode, whereas the
'Full
Redirector' will. 'security=share' mode is O.K.]
Having posted previous message, I've hacked my password.c to log the actual
password string sent by the client at debug level 4. Leathal to security,
I know.
It turns out that the MS Network Client for DOS Basic Redirector _always_
sends a 24 byte password. So, I guessed at encryption, got 'libdes',
recompiled my smbd (again), found a 'spare' Silicon Graphics server and
installed Encryption on it. (ENCRYPTION.txt is very good).
This makes it work!!!!!
I can now use the Basic redirector with Samba in 'security=user' mode.
Obvioulsy I now have the headache of maintaing an 'smbpasswd' file as
well
as a /etc/passwd file, although I think populating it will be easier now I
have smbd logging every client's passwords!
Only one gripe (other than the 'Basic' redirector not doing plain-text
passwords of course) is that there's no way for Samba to take the encrypted
string it's been sent, deduce the plain text password, and try that as
well. Is there?
Happy landings,
Mac
Assistant Systems Adminstrator @nibsc.ac.uk
Work: +44 1707 654753 x 285 Everything else: +44 956 237670 (anytime)