Maurice Volaski
2005-Jun-23 01:45 UTC
[Samba] [Q] Are passwords case-sensitive in samba 3?
Apparently it was possible from Windows 2000 and XP clients to ignore the case of a mixed-case password and successfully logon users in samba-2.2.8a. Samba 3.0.14a-r1, however, is case-sensitive. (Passwords are stored in the smbpasswd file and encrypt passwords = Yes.)

From what I discovered, Windows 2000 and XP support NTLM-based password authentication, where passwords are case-sensitive. But how was samba-2.2.8a able to ignore it in all situations from all clients? If I try setting ntlm auth = No, 3.0.14a-r1 still demands the upper/lower case match.

other keywords: uppercase, lowercase, username, lanman

--
Maurice Volaski, mvolaski@aecom.yu.edu
Computing Support, Rose F. Kennedy Center
Albert Einstein College of Medicine of Yeshiva University
Gerald (Jerry) Carter
2005-Jun-24 18:05 UTC
[Samba] [Q] Are passwords case-sensitive in samba 3?
Maurice Volaski wrote:
> Apparently it was possible from Windows 2000 and XP clients
> to ignore the case of a mixed-case password and successfully
> logon users in samba-2.2.8a. Samba 3.0.14a-r1, however, is
> case-sensitive. (Passwords are stored in the smbpasswd file
> and encrypt passwords = Yes.)

lanman passwords are case insensitive. NTLM passwords are case sensitive.

cheers, jerry

Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
Maurice Volaski
2005-Jun-24 19:01 UTC
[Samba] [Q] Are passwords case-sensitive in samba 3?
>Maurice Volaski wrote:
>
>> Apparently it was possible from Windows 2000 and XP clients
>> to ignore the case of a mixed-case password and successfully
>> logon users in samba-2.2.8a. Samba 3.0.14a-r1, however, is
>> case-sensitive. (Passwords are stored in the smbpasswd file
>> and encrypt passwords = Yes.)
>
>lanman passwords are case insensitive. NTLM passwords are
>case sensitive.
>

Yes, but they appear to have been irrelevant under samba-2.2.8a because W2K and XP seem to send the passwords in both forms.

In addition, samba 3.0.14a-r1 has an option ntlm auth, which when set to "no" is supposed to disable NTLM password authentication, but samba appears to ignore this option and always requires NTLM passwords if the client offers them. I filed this as bug 2821.

--
Maurice Volaski, mvolaski@aecom.yu.edu
Computing Support, Rose F. Kennedy Center
Albert Einstein College of Medicine of Yeshiva University
Andrew Bartlett
2005-Jun-28 12:18 UTC
[Samba] [Q] Are passwords case-sensitive in samba 3?
On Fri, 2005-06-24 at 15:02 -0400, Maurice Volaski wrote:
> >Maurice Volaski wrote:
> >
> >> Apparently it was possible from Windows 2000 and XP clients
> >> to ignore the case of a mixed-case password and successfully
> >> logon users in samba-2.2.8a. Samba 3.0.14a-r1, however, is
> >> case-sensitive. (Passwords are stored in the smbpasswd file
> >> and encrypt passwords = Yes.)
> >
> >lanman passwords are case insensitive. NTLM passwords are
> >case sensitive.
> >
>
> Yes, but they appear to have been irrelevant under samba-2.2.8a
> because W2K and XP seem to send the passwords in both forms.
>
> In addition, samba 3.0.14a-r1 has an option ntlm auth, which when
> set to "no" is supposed to disable NTLM password authentication,
> but samba appears to ignore this option and always requires NTLM
> passwords if the client offers them. I filed this as bug 2821.

Turning this option off should restrict Samba to Kerberos and NTLMv2 logins.

There is no way to force Samba to ignore a supplied NT response in favour of the less secure LM response.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
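
The case behaviour discussed in this thread comes from what each scheme feeds into its hash. The sketch below is an added example, not part of the original thread and not Samba's code. It shows only the pre-hash input (the DES and MD4 steps are omitted); the function names and sample passwords are constructed for illustration, and it assumes ASCII passwords of at most 14 characters.

```python
# Added illustration: pre-hash inputs for LM and NT password hashing.
# Function names are hypothetical; sample passwords are constructed.

LM_BUFFER = 14  # LM works on a fixed 14-byte buffer


def lm_key_material(password):
    """Return the two 7-byte halves that LM uses as independent DES keys."""
    if len(password) > LM_BUFFER:
        # Handling of longer passwords varies by implementation, so this
        # sketch rejects them rather than guessing.
        raise ValueError("sketch covers passwords of at most 14 characters")
    # LM upper-cases the password first: this is where case is lost.
    # ASCII-only is an assumption of this sketch (real LM uses the OEM code page).
    raw = password.upper().encode("ascii").ljust(LM_BUFFER, b"\x00")
    return raw[:7], raw[7:]


def nt_hash_input(password):
    """Return the bytes the NT hash is computed over: UTF-16LE, case preserved."""
    return password.encode("utf-16-le")


def compare(stored, typed):
    """Report whether the typed password matches the stored one on each path."""
    return {
        "lm_match": lm_key_material(stored) == lm_key_material(typed),
        "nt_match": nt_hash_input(stored) == nt_hash_input(typed),
    }


if __name__ == "__main__":
    stored = "PassWord1"  # constructed sample
    for typed in ("PassWord1", "password1", "PASSWORD1", "passw0rd1"):
        print(typed, compare(stored, typed))
    # Short passwords leave the second LM half all zero bytes.
    print(lm_key_material("abc"))
```

A server that checks the LM response accepts any casing of the right password, while one that checks the NT response whenever it is supplied does not, which matches the difference the thread describes.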