samba - Feb 2022 - Samba 4.14.5 NTLMv1

On Wed, 2022-01-19 at 15:38 +0100, Eric Lehmann via samba
wrote:
> Rowland, at the end is an output from testparm.
> 
> In the meantime I switched client NTLMv2 auth = No. Now, also the
> smbclient
> at the same server uses NTLMv1 and it works.
> 
> But not for the PLC / micro-device, it always leads to the log
> message:
> check_ntlm_password:  Authentication for user [ USER  ] -> [ USER  ]
> FAILED
> with error NT_STATUS_NO_SUCH_USER, authoritative=1
> 
> Here is a log entry from last year. The section -> [DOMAIN\ USER  ]
> is
> missing today. May it is not a problem with NTLMv1 but something
> within
> user mapping?
> [2021/10/04 03:52:15.251868,  2]
> ../../source3/auth/auth.c:328(auth_check_ntlm_password)
>   check_ntlm_password:  authentication for user [USER] -> [ USER  ]
> ->
> [DOMAIN\ USER  ] succeeded
> 
> testparm -v :
> 
Would you mind running the 'testparm' command again, but this time
without the '-v' ?

Rowland

Rowland, here it is:

testparm
Load smb config files from /etc/samba/smb.conf
lpcfg_do_global_parameter: WARNING: The "lanman auth" option is
deprecated
lpcfg_do_global_parameter: WARNING: The "client NTLMv2 auth" option is
deprecated
Loaded services file OK.
Weak crypto is allowed

Server role: ROLE_DOMAIN_MEMBER

Press enter to see a dump of your service definitions

# Global parameters
[global]
        client min protocol = NT1
         server min protocol = NT1
        client NTLMv2 auth = No
        kerberos method = secrets and keytab
        lanman auth = Yes
        ntlm auth = ntlmv1-permitted
        security = ADS
        workgroup = DOMAIN
        realm =  DOMAIN.INTERN
        template homedir = /home/%U
        log file = /var/log/samba/%m.log
        template shell = /bin/bash
        winbind nss info = rfc2307
        winbind offline logon = Yes
        winbind refresh tickets = Yes
        winbind use default domain = Yes
        idmap config * : range = 10000-999999
        idmap config  DOMAIN  : unix_primary_group = yes
        idmap config  DOMAIN  : unix_nss_info = yes
        idmap config  DOMAIN  : schema_mode = rfc2307
        idmap config  DOMAIN  : backend = rid
        idmap config  DOMAIN  : range = 2000000-2999999
        idmap config * : backend = tdb


[Share]
        case sensitive = Yes
        comment =  Share
        create mask = 0644
        directory mask = 0775
        path = /srv/samba/Share
        read only = No

Am Mi., 19. Jan. 2022 um 17:52 Uhr schrieb Rowland Penny via samba <
samba at lists.samba.org>:
>
> Would you mind running the 'testparm' command again, but this time
> without the '-v' ?
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Hi Eric, did you ever get your authentication working again? I?m curious what
you did if you did.

-Perttu
> On 20. Jan 2022, at 8.46, Eric Lehmann via samba <samba at
lists.samba.org> wrote:
> 
> Rowland, here it is:
> 
> testparm
> Load smb config files from /etc/samba/smb.conf
> lpcfg_do_global_parameter: WARNING: The "lanman auth" option is
deprecated
> lpcfg_do_global_parameter: WARNING: The "client NTLMv2 auth"
option is
> deprecated
> Loaded services file OK.
> Weak crypto is allowed
> 
> Server role: ROLE_DOMAIN_MEMBER
> 
> Press enter to see a dump of your service definitions
> 
> # Global parameters
> [global]
>        client min protocol = NT1
>         server min protocol = NT1
>        client NTLMv2 auth = No
>        kerberos method = secrets and keytab
>        lanman auth = Yes
>        ntlm auth = ntlmv1-permitted
>        security = ADS
>        workgroup = DOMAIN
>        realm =  DOMAIN.INTERN
>        template homedir = /home/%U
>        log file = /var/log/samba/%m.log
>        template shell = /bin/bash
>        winbind nss info = rfc2307
>        winbind offline logon = Yes
>        winbind refresh tickets = Yes
>        winbind use default domain = Yes
>        idmap config * : range = 10000-999999
>        idmap config  DOMAIN  : unix_primary_group = yes
>        idmap config  DOMAIN  : unix_nss_info = yes
>        idmap config  DOMAIN  : schema_mode = rfc2307
>        idmap config  DOMAIN  : backend = rid
>        idmap config  DOMAIN  : range = 2000000-2999999
>        idmap config * : backend = tdb
> 
> 
> [Share]
>        case sensitive = Yes
>        comment =  Share
>        create mask = 0644
>        directory mask = 0775
>        path = /srv/samba/Share
>        read only = No
> 
> Am Mi., 19. Jan. 2022 um 17:52 Uhr schrieb Rowland Penny via samba <
> samba at lists.samba.org <mailto:samba at lists.samba.org>>:
> 
>> 
>> Would you mind running the 'testparm' command again, but this
time
>> without the '-v' ?
>> 
>> Rowland
>> 
>> 
>> 
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
<https://lists.samba.org/mailman/options/samba>