On 10/7/21 11:51 AM, Andrew Bartlett via samba wrote:> On Thu, 2021-10-07 at 13:19 +0200, Tobias Kirchhofer via samba wrote:
>> Hi,
>>
>> recently we updated our Samba AD and Samba fileserver to 4.15.0-
>> SerNet-RedHat-4.el8 and discovered a problem with a user wanted to
>> connect to a samba share from a current macOS. The user has a
>> exclamation point (!) at the very end of the password string. Samba
>> disagrees with that and replies with an authentication error.
>>
>> Testwise we changed the ?!? to the penultimate character and the
>> logon works again.
>>
>> This behaviour must be introduced with a version after 14.13 where we
>> came from. Is this a known issue? Could not find something.
>
> If the password was unchanged in Samba during this process, then this
> is a client-side challenge - only the client will have access to the
> plaintext password, we on the server just get various types of
> challenge/response hashes. (The exception is LDAP simple bind).
>
> I hope this helps narrow things down. I think Nico is onto the point.
>
> Andrew Bartlett
>
This actually brings back memories for me with MacOS Mavericks and possibly even
Yosemite where MacOS was doing an eval (an eval!!) on the password for smb
accesses. Lots of characters caused issues, bang, hash, dollar sign, etc. I
had to tell my Mac users what characters to avoid.