samba - Aug 1997 - case-problem in passwords

I have spent the last days wondering why my domain logon doesn't work and
came up with a stange effect:
My setup:
Samba 1.9.17alpha5 on the server
Win95 (950a) on the clients
everything configured for Domain Master on Samba

It all works OK and domain logons from Win95 do what they're supposed to,
except if I use mixed-case passwords!
My own password works fine, as long as I do NOT use the samba box as
domain controller (logon controller).
I even tried changing my password to something all lowercase and logging
on to the domain (successfully!) then changing it back to mixed case and
mounting some drives (again successfully!)
But it won't let me log on with the mixed case password.
I tried (nearly) all possible combinations -> mixed-case fails at domain
logon....
I tried fiddling with the case options on the netlogon share, but tu no
avail.
Has anybody else experienced this (and found a solution)?

My smb.conf (excerpts):


   workgroup = QSPR

   [global]
        os level = 35
        load printers = no
        security = user
        debug level = 1
        log file = /usr/local/samba/var/smb-log.%m
        max log size = 2000
        server string = QSPR Server (Samba %v)
        character set = iso8859-1
        mangle case = no
        case sensitive = no
;       default case = lower
        preserve case = yes
        short preserve case = yes
        encrypt passwords = no
        create mode = 0755
        read prediction = yes
        valid chars =  ?:? ?:? ?:?
        max disk size = 1500
        dead time = 15
        comment = %S auf %h
;; This is supposed to enable Domain mastering
        wins support = yes
        domain master = yes
        preferred master = yes
        domain logons = yes
        logon script = logon.bat
;;
        veto files = quota.user quota.group
        socket options = TCP_NODELAY    
;
; F?r domain controller
;
   [netlogon]
        path=/usr/local/samba/netlogon
        browsable = yes
        writable = no
        public = yes
        mangle case = no
        case sensitive = no
        default case = lower
        preserve case = no
        short preserve case = no
                                      

---
===============================================================Thomas KIRCHTAG  
mailto:tkircht@iDAS.co.at
Tel.:++43-664/223 16 23 
FAX :++43-1/689 82 52                  http://www.iDAS.co.at
================================================================

> From: Thomas KIRCHTAG <tkircht@qspr03.tuwien.ac.at>
> Subject: case-problem in passwords
> 
> It all works OK and domain logons from Win95 do what they're supposed
to,
> except if I use mixed-case passwords!
> My own password works fine, as long as I do NOT use the samba box as
> domain controller (logon controller).
Use the "password level" setting in smb.conf to fix this problem.
>From the man page:
  password level (G)
     Some client/server combinations have difficulty with  mixed-
     case  passwords.   One offending client is Windows for Work-
     groups, which for some reason forces passwords to upper case
     when  using the LANMAN1 protocol, but leaves them alone when
     using COREPLUS!
 
     This parameter defines the maximum number of characters that
     may be upper case in passwords.
 
     For example, say the password given was "FRED". If  password
     level is set to 1 (one), the following combinations would be
     tried if "FRED" failed:   "Fred",  "fred", 
"fRed",  "frEd",
     "freD".  If  password  level  was  set  to  2 tried:
"FRed",
     "FrEd", "FreD", "fREd", "fReD",
"frED". And so on.
 
     The higher value this parameter is set to the more likely it
     is that a mixed case password will be matched against a sin-
     gle case password. However, you should be aware that use  of
     this parameter reduces security and increases the time taken
     to process a new connection.
 
     A value of zero will cause only two attempts to  be  made  -
     the password as is and the password in all-lower case.
 
     If you find the connections are taking too  long  with  this
     option  then you probably have a slow crypt() routine. Samba
     now comes with a fast "ufc crypt" that you can select in the
     Makefile.  You  should  also  make  sure the PASSWORD_LENGTH
     option is correct for your system in local.h and includes.h.
     On  most  systems  only  the first 8 chars of a password are
     significant so PASSWORD_LENGTH should  be  8,  but  on  some
     longer  passwords are significant. The includes.h file tries
     to select the right length for your system.
 
     Default:
          password level = 0
 
     Example:
          password level = 4

Good fortune,
Tim
-- 
Tim Villa                 Faculties of Economics & Commerce, Education and
Law
Network/Systems Officer        	           The University of Western Australia
Phone: +61-08-9380-1796                                  Fax: +61-08-9380-1068
<mailto:tim@ecel.uwa.edu.au>                
<http://ecel-tim.ecel.uwa.edu.au>