Dion Sasmito
2004-Mar-16 02:16 UTC
[Samba] smbclient with lanman auth=no unable to connect
Hi all, In short, how do you force smbclient not to use Lanman passwords ? I specify these in my smb.conf lanman auth = no min protocol = NT1 Trying smbclient from the same host, root@localhost root]# smbclient //fileservertest/private -U somebody Password: Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.2a] tree connect failed: NT_STATUS_WRONG_PASSWORD Here are the logs, [2004/03/17 00:00:52, 3] libsmb/ntlm_check.c:ntlm_password_check(306) ntlm_password_check: Lanman passwords NOT PERMITTED for user somebody [2004/03/17 00:00:52, 3] libsmb/ntlm_check.c:ntlm_password_check(371) ntlm_password_check: LM password, NT MD4 password in LM field and LMv2 failed for user somebody [2004/03/17 00:00:52, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [somebody] -> [somebody] FAILED with error NT_STATUS_WRONG_PASSWORD [2004/03/17 00:00:52, 2] smbd/service.c:make_connection_snum(410) Invalid username/password for [private] [2004/03/17 00:00:52, 3] smbd/error.c:error_packet(118) error packet at smbd/reply.c(286) cmd=117 (SMBtconX) NT_STATUS_WRONG_PASSWORD If I put lanman auth=no, it works, both from smbclient and from Win98. Based on these, I figure if I can force smbclient not to use send password as lanman I should be able to connect. But I'm not sure, I might have missed something. I've also tried with smbclient //fileservertest/private -U somebody -s /path/to/smb.conf. That didn't work either. Tried smbclient //fileservertest/private -U workstation -m NT1 also doesn't work. Does anyone have any suggestion or ideas ? Or direct me to the appropriate docs or source code that I should look at ? Dion Sasmito Computer Engineer Luxindo Enterprise Pty Ltd, Australia _________________________________________________________ This mail sent using V-webmail - http://www.v-webmail.org
Dion Sasmito
2004-Mar-16 05:17 UTC
[Samba] smbclient with lanman auth=no unable to connect
Follow up, Putting security = user, smbclient works. It uses NT1 (I assume). Changing it back to security = share, smbclient doesn't work. saying NT_STATUS_WRONG_PASSWORD Maybe it's the order of things (protocol negotiation) that smbclient and smbd that's causing this ? Or is this meant to be like this, because it's share level ? ie. ... security = share lanman auth = no min protocol = NT1 ... [private] ... valid users = somebody ... then smbclient //fileservertest/private -U somebody doesn't work ? Dion "Dion Sasmito" <aeondion@metesek.com> wrote:> Hi all, > > In short, how do you force smbclient not to use Lanman passwords ? > > I specify these in my smb.conf > lanman auth = no > min protocol = NT1 > > Trying smbclient from the same host, > root@localhost root]# smbclient //fileservertest/private -U somebody > Password: > Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.2a] > tree connect failed: NT_STATUS_WRONG_PASSWORD > > Here are the logs, > [2004/03/17 00:00:52, 3] libsmb/ntlm_check.c:ntlm_password_check(306) > ntlm_password_check: Lanman passwords NOT PERMITTED for user somebody > [2004/03/17 00:00:52, 3] libsmb/ntlm_check.c:ntlm_password_check(371) > ntlm_password_check: LM password, NT MD4 password in LM field and LMv2 > failed for user somebody > [2004/03/17 00:00:52, 2] auth/auth.c:check_ntlm_password(312) > check_ntlm_password: Authentication for user [somebody] -> [somebody] > FAILED with error NT_STATUS_WRONG_PASSWORD > [2004/03/17 00:00:52, 2] smbd/service.c:make_connection_snum(410) > Invalid username/password for [private] > [2004/03/17 00:00:52, 3] smbd/error.c:error_packet(118) > error packet at smbd/reply.c(286) cmd=117 (SMBtconX) > NT_STATUS_WRONG_PASSWORD > > If I put lanman auth=no, it works, both from smbclient and from Win98. > > Based on these, I figure if I can force smbclient not to use send passwordas> lanman I should be able to connect. But I'm not sure, I might have missed > something. > > I've also tried with smbclient //fileservertest/private -U somebody -s > /path/to/smb.conf. > That didn't work either. > Tried smbclient //fileservertest/private -U workstation -m NT1 also doesn't > work. > > Does anyone have any suggestion or ideas ? Or direct me to the appropriate > docs or source code that I should look at ? > > Dion Sasmito > Computer Engineer > Luxindo Enterprise Pty Ltd, Australia_________________________________________________________ This mail sent using V-webmail - http://www.v-webmail.org