2 files changed, 11 insertions, 2 deletions

diff --git a/source3/smbd/auth.c b/source3/smbd/auth.c
index bbcf34e8ca..cb0d54bf9b 100644
--- a/source3/smbd/auth.c
+++ b/source3/smbd/auth.c
@@ -157,7 +157,8 @@ uint32 pass_check_smb_with_chal(char *user, char *domain, uchar chal[8],
 
 	memcpy(user_info.chal, chal, 8);
 
-	if (lm_pwd_len >= 24 || (lp_encrypted_passwords() && (lm_pwd_len == 0) && lp_null_passwords())) {
+	if ((lm_pwd_len >= 24 || nt_pwd_len >= 24) || 
+	    (lp_encrypted_passwords() && (lm_pwd_len == 0) && lp_null_passwords())) {
 		/* if 24 bytes long assume it is an encrypted password */
 	  
 		user_info.lm_resp.buffer = (uint8 *)lm_pwd;
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index ee71854687..eb97382750 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -632,7 +632,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
     passlen1 = MIN(passlen1, MAX_PASS_LEN);
     passlen2 = MIN(passlen2, MAX_PASS_LEN);
 
-    if(!doencrypt) {
+    if (!doencrypt) {
        /* both Win95 and WinNT stuff up the password lengths for
           non-encrypting systems. Uggh. 
       
@@ -716,6 +716,14 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
 	  return bad_password_error(inbuf, outbuf);
   }
 
+  if (lp_security() == SEC_SHARE) {
+	  /* in share level we should ignore any passwords */
+	  smb_ntpasslen = 0;
+	  smb_apasslen = 0;
+	  guest = True;
+  }
+
+
   DEBUG(3,("sesssetupX:name=[%s]\n",user));
 
   /* If name ends in $ then I think it's asking about whether a */