samba - May 2004 - windows password longer than 8 chars will not work

Hello,, 

Is there anything I can do to our Samba servers to make Windows
passwords longer than 8 characters work?  Thanks.

Our Samba servers use SERVER security, and authenticate against the
same
Windows 2K logon server (PDC) that serves all our Windows 2K & XP
desktops.  Any of us with a Windows network password less than or equal
to 8 characters long can mount the Samba shares seamlessly, just like
any Windows file server.  However, if you set your Windows password
longer than 8 characters, Samba authentication always fails.  

In general, we know that both Windows and Samba can use longer
passwords-  the problem occurs when the Windows desktop client tries to
initiate a connection to the Samba server. Passwords longer than 8 just
don't get transferred correctly from client to server, or so it seems. 


Samba server details below- 


Solaris 8/ SPARC

/usr/local/samba/bin/smbd -V
Version 2.2.8a
(from sunfreeware.com)

[global]
        workgroup = ECOMMERCE
        netbios name = PHANTOM2
        security = SERVER
        encrypt passwords = Yes
        password server = ben_or_pdc
        passwd program = /usr/bin/passwd %u
        username map = /usr/local/samba/private/users.map
        log level = 2
        log file = /usr/local/samba/var/logs/log:%m:%I
        max log size = 100
        debug pid = Yes
        debug uid = Yes
        load printers = No
        preferred master = No
        local master = No
        domain master = No
        dns proxy = No
        wins server = 206.67.210.5
        hosts allow 127.0.0.1,206.67.210.,192.168.53.,10.222.7.,10.222.8.
        case sensitive = Yes
        map archive = No


Tony



	
		
__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs  
http://hotjobs.sweepstakes.yahoo.com/careermakeover

On Sun, 2004-05-02 at 09:09, Tony Wallace wrote:
> Hello,, 
> 
> Is there anything I can do to our Samba servers to make Windows
> passwords longer than 8 characters work?  Thanks.
> 
> Our Samba servers use SERVER security, and authenticate against the
> same
> Windows 2K logon server (PDC) that serves all our Windows 2K & XP
> desktops.  Any of us with a Windows network password less than or equal
> to 8 characters long can mount the Samba shares seamlessly, just like
> any Windows file server.  However, if you set your Windows password
> longer than 8 characters, Samba authentication always fails.  
> 
> In general, we know that both Windows and Samba can use longer
> passwords-  the problem occurs when the Windows desktop client tries to
> initiate a connection to the Samba server. Passwords longer than 8 just
> don't get transferred correctly from client to server, or so it seems. 
While probably unreated to your issue, you should move to
'security=domain', due to the numerous other known issues with
'security=server'.

Have you tried connecting directly to the 'password server'?  Samba
simply passes on the 24 byte authentication response on to that server,
and doesn't care too much what is inside it.  

As the password is hashed first with MD4 (normally) there is nothing
special about longer/shorter passwords.  Even the DES hash has it's
internal breakup at 7 and a limit 14, so that's not the issue.

So, it's an issues with the 'password server':

What is the password server running?  What did you use to set the
password on that server?

If the password server is Samba, are you sure you have not used a buggy
'getpass()' function when reading passwords in on that system (well
known to cut passwords off at 8 chars).  Samba will attempt to replace
this function, but I suppose it's possible that the configure magic
might not have fired correctly.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20040502/96ac25f7/attachment.bin