Created attachment 8622 [details] Level 10 log Cannot connect plain text password. My smb.conf: ----- [global] encrypt passwords = no lanman auth = yes max protocol = nt1 ntlm auth = yes [tmp] path = /tmp writeable = yes ----- Client Windows 8 Pro (LMCompatibilityLevel = 0, EnablePlainTextPassword: 1)
Samba plain password auth is broken since this change in source3/auth/auth_ntlmssp.c: - nt_status = gensec_ntlmssp->auth_context->check_ntlm_password(gensec_ntlmssp->auth_context, - user_info, &server_info); + mapped_user_info->flags = user_info->flags; - username_was_mapped = user_info->was_mapped; + nt_status = auth_context->check_ntlm_password(auth_context, + mapped_user_info, &server_info); because password.plaintext is missin in mapped_user_info I managed to solve it with this simple patch: --- samba-4.1.6+dfsg/source3/auth/auth_ntlmssp.c 2012-02-17 00:00:00.449156964 -0300 +++ samba-4.1.6+dfsg-new/source3/auth/auth_ntlmssp.c 2014-10-03 18:06:23.795911129 -0300 @@ -123,7 +123,7 @@ user_info->remote_host, user_info->password.response.lanman.data ? &user_info->password.response.lanman : NULL, user_info->password.response.nt.data ? &user_info->password.response.nt : NULL, - NULL, NULL, NULL, + NULL, NULL, user_info->password.plaintext, AUTH_PASSWORD_RESPONSE); if (!NT_STATUS_IS_OK(nt_status)) { best regards Gabriel
Created attachment 10327 [details] patch to source3/auth/auth_ntlmssp.c to restore plain text password feature
The biggest issue here isn't applying the patch, but that as we quite clearly have no test for this (otherwise we would have noticed it), we need an automated test in the testsuite, otherwise it will just break again.
*** Bug 12391 has been marked as a duplicate of this bug. ***
*** Bug 6492 has been marked as a duplicate of this bug. ***
*** Bug 6761 has been marked as a duplicate of this bug. ***
'encrypt passwords' has been set to 'yes' for years, and the parameter is now marked as deprecated, so it is highly unlikely we will ever fix this, so closing this bug report.
People are using Samba with DOS client and will still do so in many years. This Bug report has a valid patch attached which just doesn't go upstream because of a missing patch, do not close such bug reports please.
I really do want to contribute with a test to allow the patch to be merged, but I do not really know where it should be added. Perhaps if some of you provide me a pointer to a similar test to modify or improve, I will manage to develop a test for this particular scenario. I am tired of patching samba every time I update my OSs :-(