samba - Dec 1999 - No subject

For many moons, now, my Samba-on-Linux server (presently Samba 2.0.6) has
displayed some mildly annoying behavior (at least I think it is the Samba
server...it might be the NT workstation), to wit, whenever I login on a
Windows 95 workstation and browse over to the Samba server, it authenticates
me transparently, whereas when I login on a Window NT box and browse over to
the Samba server, I am prompted for a username and password before I can
view the Samba server's shares.  I use the same username and password on all
three boxes.

To get to the bottom of this issue, I downloaded tcpdump-smb and traced the
dialog in each case (tcpdump -i eth1 -s 1500 port 137 or port 138 or port
139).  In the case of Windows 95, I noticed the following packet:

13:45:18.836375 playhouse.1027 > gatekeeper.netbios-ssn: P 231:396(165) ack
90 win 8671 <nop,nop,timestamp 72480 31042
220>
>>> NBT Packet
flags=0x1
NBT Session Packet
Flags=0x101
Length=2058
found SMB packet at 12

SMB PACKET: SMBsesssetupX (REQUEST)
SMB Command   =  0x73
Error class   =  0x0
Error code    =  0
Flags1        =  0x10
Flags2        =  0x0
Tree ID       =  0
Proc ID       =  5565
UID           =  1
MID           =  513
Word Count    =  13
Com2=0x75
Res1=0x0
Off2=127
MaxBuffer=2920
MaxMpx=50
VcNumber=0
SessionKey=0xA90
CaseInsensitivePasswordLength=24
CaseSensitivePasswordLength=0
Res=0x0
Capabilities=0x1
Pass1&Pass2&Account&Domain&OS&LanMan[000] XX XX XX XX XX XX
00 00  00 00 00 00 00 00 00 42  XXXXXX.. .......B
[010] 52 49 41 4E 00 00 00 00  42 52 49 41 4E 00 43 59  RIAN.... BRIAN.CY
[020] 42 45 52 4E 41 55 54 49  58 00 57 69 6E 64 6F 77  BERNAUTI X.Window
[030] 73 20 34 2E 30 00 57 69  6E 64 6F 77 73 20 34 2E  s 4.0.Wi ndows 4.
[040] 30 00                                             0.

(Playhouse is the Win95 box and gatekeeper the Linux box.  I have masked the
password with 'X'.)

In the case of accessing Gatekeeper with the NT box, I notice a different
packet:

13:46:38.589912 specter.1574 > gatekeeper.netbios-ssn: P 247:393(146) ack 90
win 8671
>>> NBT Packet
NBT Session Packet
Flags=0x0
Length=142

SMB PACKET: SMBsesssetupX (REQUEST)
SMB Command   =  0x73
Error class   =  0x0
Error code    =  0
Flags1        =  0x18
Flags2        =  0x3
Tree ID       =  0
Proc ID       =  51966
UID           =  0
MID           =  0
Word Count    =  13
Com2=0x75
Res1=0x0
Off2=108
MaxBuffer=61440
MaxMpx=50
VcNumber=0
SessionKey=0xA96
CaseInsensitivePasswordLength=1
CaseSensitivePasswordLength=18255
Res=0x0
Capabilities=0xD4
Pass1&Pass2&Account&Domain&OS&LanMan[000] 00 00 43 59 42 45
52 4E  41 55 54 49 58 00 57 69  ..CYBERN AUTIX.Wi
[010] 6E 64 6F 77 73 20 4E 54  20 31 33 38 31 00 00 57  ndows NT  1381..W
[020] 69 6E 64 6F 77 73 20 4E  54 20 34 2E 30 00 00     indows N T 4.0..

It appears that the NT box simply did not offer the username and password.
Is this due to a registry setting on the NT box?  Was there something I
overlooked in the conversation between the Win 95 and Linux boxes that
caused the Win 95 box to volunteer the username and password?

I would like to resolve this issue because I hope to deploy Linux in lieu of
NT for a friend of mine and I think logging in twice would annoy him
greatly.


--Brian Haney
brian@cybernaut.com                                       www.cybernaut.com
President                                                      800-762-8849
CyberNautix, Inc.                   Open Technology for the Digital Economy