[Bug 215410] [NEW] disable-weak-auth.patch renders ineffective "client plaintext auth = yes" in smb.conf

FluidDynamics pawngameme at yahoo.com
Thu Apr 10 23:08:05 BST 2008 

Public bug reported:

Binary package hint: samba

A change introduced in 3.0.27a-2(seen below) makes it impossible to access samba resources that require a plaintext password. An instance of "client plaintext auth = yes" in the [global] options section is ignored by smbclient when attempting to connect to a samba server with 
$smbclient -U <username> //<ipaddress>/<servicename>.
The error message given is: "Server requested plaintext password but 'client use plaintext auth' is disabled". Note the incorrect use of the word "use" in the single-quoted section. Adding a section of "client use plaintext auth = yes" in the global section results in an error about the afformentioned unknown option being ignored. An instance of "client plaintext auth = yes" is not an unknown option, but is ineffective becuase the patch "hard wires" the program preventing plaintext passwords. 

A much better solution would be to make the default smb.conf
configuration file to feature the "client use plaintext auth = no"
option, and allow the user to set to "yes" if necessary.

This is not a case of the "client lanman auth = no" disabling the
"client plaintext auth" option. This bug is important because certain
large universities still have servers that require plaintext passwords.

======Problematic Update Below========
samba (3.0.27a-2) unstable; urgency=low

  * debian/patches/disable-weak-auth.patch: disable plaintext authentication
    on the client, and lanman authentication on both client and server, by
    default since these are only needed for Win9x or Samba with encrypted
    passwords disabled and are potential password attack vectors.  This
    change is backported from Samba 3.2.  LP: #163194.

** Affects: samba (Ubuntu)
     Importance: Undecided
         Status: New

-- 
disable-weak-auth.patch renders ineffective "client plaintext auth = yes" in smb.conf
https://bugs.launchpad.net/bugs/215410
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in ubuntu.

More information about the Ubuntu-server-bugs mailing list