[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: disable "fake" samba authentication error messages



On Thu, 2 Jul 1998, Charlie Brady wrote:

> 
> On Thu, 2 Jul 1998, Urs Rau wrote:
> 
> > What bothers me is that samba is filling up my log files with a lot of 
> > extraneous/fake entries about authentication failures. "Extraneous/fake" - 
> > because all it is is a reflection of the way the protocol actually tries to login - 
> > going through the upper/lower case mutations as configured.

This is due to the Windows machines forcing the password to be uppercased.
A cracking algorithm is applied, which can be short-circuited by asking
your users to only use lower case letters in passwords.  This will still
allow numbers and non-numeric characters but may still not satisfy the
truly paranoid.

The alternative is to use encrypted passwords, and maintain the UNIX and
NT / LM password databases seperately: there are tools to do this.

Luke



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []