Tygre
2024-Mar-05 01:10 UTC
[Samba] Cannot Get Samba to Work Without Encrypted Password with Legacy Client
Hi there, I have looked for a solution to my problem on the Internet (and in particular this mailing list), but couldn't find one, probably due to searching for the wrong thing :-) I have an RPI running Samba version 4.9.5-Debian. "pdbedit -L" shows that the user "smbuser" exists. I used "smbpassword" to set the password of "smbuser". I also have several "old" computers that I want to connect to this RPI using Samba. I managed to get an Amiga connected to the Samba server, by adding the directive "ntlm auth = yes" to "smb.conf". But, I cannot get a NeXTstation to connect to the server. It seems to me that, because the client on the NeXTstation only deals with unencrypted passwords, the server is unable to verify the username/password. I tried using the directive "encrypt passwords = no", but then neither the Amiga nor the NeXTstation can connect, with the error: "FAILED with error NT_STATUS_LOGON_FAILURE". I don't understand why, by forcing unencrypted passwords, the server cannot find the username/password (anymore). I must be missing to allow the Samba server to work with unencrypted password. Could anyone help? Thanks in advance! Tygre PS. I do know that unencrypted passwords are unsecure and a bad idea but, right now, I'd like both my Amiga and NeXTstation to connect, before "hardening" the server. PPS. I join my "smb.conf", working with the Amiga (not the NeXTstation) and the log when trying to connect from the NeXTstation. ----------------------------------------- Scientific Progress Goes Boing! http://www.chingu.asia/wiki ----------------------------------------- -------------- next part -------------- [global] log file = /var/log/samba/log.%m log level = 1 auth:5 winbind:5 max log size = 1000 logging = file server role = standalone server workgroup = GIB # security = user # encrypt passwords = no ntlm auth = yes # client lanman auth = yes # client ntlmv2 auth = no map to guest = bad user dos charset = CP850 unix charset = UTF-8 [Archives] path = /media/Archives writeable = Yes create mask = 0777 directory mask = 0777 -------------- next part -------------- [2024/03/03 17:00:33.281085, 5] ../source3/auth/auth.c:536(make_auth3_context_for_ntlm) Making default auth method list for server role = 'standalone server', encrypt passwords = yes [2024/03/03 17:00:33.284126, 5] ../source3/auth/auth.c:412(load_auth_module) load_auth_module: Attempting to find an auth method to match anonymous [2024/03/03 17:00:33.286241, 5] ../source3/auth/auth.c:437(load_auth_module) load_auth_module: auth method anonymous has a valid init [2024/03/03 17:00:33.287295, 5] ../source3/auth/auth.c:412(load_auth_module) load_auth_module: Attempting to find an auth method to match sam_ignoredomain [2024/03/03 17:00:33.289479, 5] ../source3/auth/auth.c:437(load_auth_module) load_auth_module: auth method sam_ignoredomain has a valid init [2024/03/03 17:00:33.291585, 5] ../source3/auth/auth_util.c:290(make_user_info_for_reply) make_user_info_for_reply: User passwords not in encrypted format. [2024/03/03 17:00:33.294426, 5] ../source3/auth/user_info.c:64(make_user_info) attempting to make a user_info for smbuser (smbuser) [2024/03/03 17:00:33.296633, 5] ../source3/auth/user_info.c:72(make_user_info) making strings for smbuser's user_info struct [2024/03/03 17:00:33.299024, 5] ../source3/auth/user_info.c:125(make_user_info) making blobs for smbuser's user_info struct [2024/03/03 17:00:33.311777, 5] ../source3/auth/auth_util.c:122(make_user_info_map) Mapping user [WORKGROUP]\[smbuser] from workstation [daeumyeog] [2024/03/03 17:00:33.314940, 5] ../source3/auth/user_info.c:64(make_user_info) attempting to make a user_info for smbuser (smbuser) [2024/03/03 17:00:33.317880, 5] ../source3/auth/user_info.c:72(make_user_info) making strings for smbuser's user_info struct [2024/03/03 17:00:33.320923, 5] ../source3/auth/user_info.c:125(make_user_info) making blobs for smbuser's user_info struct [2024/03/03 17:00:33.324021, 3] ../source3/auth/auth.c:189(auth_check_ntlm_password) check_ntlm_password: Checking password for unmapped user [WORKGROUP]\[smbuser]@[daeumyeog] with the new password interface [2024/03/03 17:00:33.326162, 3] ../source3/auth/auth.c:192(auth_check_ntlm_password) check_ntlm_password: mapped user is: [WORKGROUP]\[smbuser]@[daeumyeog] [2024/03/03 17:00:33.336022, 5] ../source3/auth/auth.c:251(auth_check_ntlm_password) auth_check_ntlm_password: sam_ignoredomain authentication for user [smbuser] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1 [2024/03/03 17:00:33.339780, 2] ../source3/auth/auth.c:334(auth_check_ntlm_password) check_ntlm_password: Authentication for user [smbuser] -> [smbuser] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
Andrew Bartlett
2024-Mar-05 01:24 UTC
[Samba] Cannot Get Samba to Work Without Encrypted Password with Legacy Client
On Mon, 2024-03-04 at 20:10 -0500, Tygre via samba wrote:> Hi there, > I have looked for a solution to my problem on the Internet (and > in particular this mailing list), but couldn't find one, probably due > to searching for the wrong thing :-) > I have an RPI running Samba version 4.9.5-Debian. "pdbedit -L" > shows that the user "smbuser" exists. I used "smbpassword" to set the > password of "smbuser". I also have several "old" computers that I > want to connect to this RPI using Samba. I managed to get an Amiga > connected to the Samba server, by adding the directive "ntlm auth > yes" to "smb.conf". > But, I cannot get a NeXTstation to connect to the server. It > seems to me that, because the client on the NeXTstation only deals > with unencrypted passwords, the server is unable to verify the > username/password. I tried using the directive "encrypt passwords > no", but then neither the Amiga nor the NeXTstation can connect, with > the error: "FAILED with error NT_STATUS_LOGON_FAILURE". > I don't understand why, by forcing unencrypted passwords, the > server cannot find the username/password (anymore). I must be missing > to allow the Samba server to work with unencrypted password. Could > anyone help? > Thanks in advance! Tygre > PS. I do know that unencrypted passwords are unsecure and a bad idea > but, right now, I'd like both my Amiga and NeXTstation to connect, > before "hardening" the server.PPS. I join my "smb.conf", working with > the Amiga (not the NeXTstation) and the log when trying to connect > from the NeXTstation.You would be best to just use guest access and IP restrictions, but if you want a password it will be checking it against PAM, not the smbpasswd file. Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead https://catalyst.net.nz/services/samba Catalyst.Net Ltd Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group company Samba Development and Support: https://catalyst.net.nz/services/samba Catalyst IT - Expert Open Source Solutions
Seemingly Similar Threads
- Cannot Get Samba to Work Without Encrypted Password with Legacy Client
- Cannot Get Samba to Work Without Encrypted Password with Legacy Client
- Cannot Get Samba to Work Without Encrypted Password with Legacy Client
- Cannot Get Samba to Work Without Encrypted Password with Legacy Client
- Samba Share with user and no password