Andrew Bartlett
2024-Mar-05 01:24 UTC
[Samba] Cannot Get Samba to Work Without Encrypted Password with Legacy Client
On Mon, 2024-03-04 at 20:10 -0500, Tygre via samba wrote:> Hi there, > I have looked for a solution to my problem on the Internet (and > in particular this mailing list), but couldn't find one, probably due > to searching for the wrong thing :-) > I have an RPI running Samba version 4.9.5-Debian. "pdbedit -L" > shows that the user "smbuser" exists. I used "smbpassword" to set the > password of "smbuser". I also have several "old" computers that I > want to connect to this RPI using Samba. I managed to get an Amiga > connected to the Samba server, by adding the directive "ntlm auth > yes" to "smb.conf". > But, I cannot get a NeXTstation to connect to the server. It > seems to me that, because the client on the NeXTstation only deals > with unencrypted passwords, the server is unable to verify the > username/password. I tried using the directive "encrypt passwords > no", but then neither the Amiga nor the NeXTstation can connect, with > the error: "FAILED with error NT_STATUS_LOGON_FAILURE". > I don't understand why, by forcing unencrypted passwords, the > server cannot find the username/password (anymore). I must be missing > to allow the Samba server to work with unencrypted password. Could > anyone help? > Thanks in advance! Tygre > PS. I do know that unencrypted passwords are unsecure and a bad idea > but, right now, I'd like both my Amiga and NeXTstation to connect, > before "hardening" the server.PPS. I join my "smb.conf", working with > the Amiga (not the NeXTstation) and the log when trying to connect > from the NeXTstation.You would be best to just use guest access and IP restrictions, but if you want a password it will be checking it against PAM, not the smbpasswd file. Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead https://catalyst.net.nz/services/samba Catalyst.Net Ltd Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group company Samba Development and Support: https://catalyst.net.nz/services/samba Catalyst IT - Expert Open Source Solutions
Tygre
2024-Mar-05 01:45 UTC
[Samba] Cannot Get Samba to Work Without Encrypted Password with Legacy Client
Thank you Andrew for your swift answer. How could I have non-encrypted password exchange between my server and one of my clients (because this seems to me the problem right now)? Best, Tygre On 2024-03-04 20:24, Andrew Bartlett wrote:> On Mon, 2024-03-04 at 20:10 -0500, Tygre via samba wrote: >> Hi there, >> >> I have looked for a solution to my problem on the Internet (and in particular this mailing list), but couldn't find one, probably due to searching for the wrong thing :-) >> >> I have an RPI running Samba version 4.9.5-Debian. "pdbedit -L" shows that the user "smbuser" exists. I used "smbpassword" to set the password of "smbuser". I also have several "old" computers that I want to connect to this RPI using Samba. I managed to get an Amiga connected to the Samba server, by adding the directive "ntlm auth = yes" to "smb.conf". >> >> But, I cannot get a NeXTstation to connect to the server. It seems to me that, because the client on the NeXTstation only deals with unencrypted passwords, the server is unable to verify the username/password. I tried using the directive "encrypt passwords = no", but then neither the Amiga nor the NeXTstation can connect, with the error: "FAILED with error NT_STATUS_LOGON_FAILURE". >> >> I don't understand why, by forcing unencrypted passwords, the server cannot find the username/password (anymore). I must be missing to allow the Samba server to work with unencrypted password. Could anyone help? >> >> Thanks in advance! >> Tygre >> >> PS. I do know that unencrypted passwords are unsecure and a bad idea but, right now, I'd like both my Amiga and NeXTstation to connect, before "hardening" the server. >> PPS. I join my "smb.conf", working with the Amiga (not the NeXTstation) and the log when trying to connect from the NeXTstation. > > You would be best to just use guest access and IP restrictions, but if you want a password it will be checking it against PAM, not the smbpasswd file. > > > Andrew Bartlett > > > -- > > Andrew Bartlett (he/him) https://samba.org/~abartlet/ <https://samba.org/~abartlet/> > Samba Team Member (since 2001) https://samba.org <https://samba.org> > Samba Team Lead https://catalyst.net.nz/services/samba <https://catalyst.net.nz/services/samba> > Catalyst.Net Ltd > > Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group company > > Samba Development and Support: https://catalyst.net.nz/services/samba <https://catalyst.net.nz/services/samba> > > Catalyst IT - Expert Open Source Solutions > >-- ----------------------------------------- Scientific Progress Goes Boing! http://www.chingu.asia/wiki -----------------------------------------
Tygre
2024-Mar-09 20:37 UTC
[Samba] Cannot Get Samba to Work Without Encrypted Password with Legacy Client
Hi there, Sorry to come back to that, I tried to follow the code at https://github.com/samba-team/samba/blob/master/source3/auth/auth.c#L214 (and below) but I still can't understand why one Samba client can connect, but the other can't. I can't understand why, with one client, the code would go into "check_samsec.c:183" (and return "sam_account_ok") while, with the other client, the code would go immediately into "auth.c:251" (and fail to login). Could you help me understand, which could maybe give me an idea on configuring Samba for both client to work? Thanks in advance, Yann PS. I'm running *** CAN CONNECT: [2024/03/09 15:16:09.376816, 10, pid=5930, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:237(auth_check_ntlm_password) auth_check_ntlm_password: anonymous had nothing to say [2024/03/09 15:16:09.383493, 4, pid=5930, effective(0, 0), real(0, 0), class=auth] ../source3/auth/check_samsec.c:183(sam_account_ok) sam_account_ok: Checking SMB password for user smbuser [2024/03/09 15:16:09.386622, 5, pid=5930, effective(0, 0), real(0, 0), class=auth] ../source3/auth/check_samsec.c:165(logon_hours_ok) logon_hours_ok: user smbuser allowed to logon at this time (Sat Mar 9 20:16:09 2024 ) [2024/03/09 15:16:09.393510, 5, pid=5930, effective(0, 0), real(0, 0), class=auth] ../source3/auth/server_info_sam.c:122(make_server_info_sam) make_server_info_sam: made server info for user smbuser -> smbuser [2024/03/09 15:16:09.397225, 3, pid=5930, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:256(auth_check_ntlm_password) auth_check_ntlm_password: sam_ignoredomain authentication for user [SMBUSER] succeeded *** CANNOT CONNECT: [2024/03/09 15:16:15.178909, 10, pid=5931, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:237(auth_check_ntlm_password) auth_check_ntlm_password: anonymous had nothing to say [2024/03/09 15:16:15.187847, 5, pid=5931, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:251(auth_check_ntlm_password) auth_check_ntlm_password: sam_ignoredomain authentication for user [SMBUSER] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1 On 2024-03-04 20:24, Andrew Bartlett wrote:> On Mon, 2024-03-04 at 20:10 -0500, Tygre via samba wrote: >> Hi there, >> >> I have looked for a solution to my problem on the Internet (and in particular this mailing list), but couldn't find one, probably due to searching for the wrong thing :-) >> >> I have an RPI running Samba version 4.9.5-Debian. "pdbedit -L" shows that the user "smbuser" exists. I used "smbpassword" to set the password of "smbuser". I also have several "old" computers that I want to connect to this RPI using Samba. I managed to get an Amiga connected to the Samba server, by adding the directive "ntlm auth = yes" to "smb.conf". >> >> But, I cannot get a NeXTstation to connect to the server. It seems to me that, because the client on the NeXTstation only deals with unencrypted passwords, the server is unable to verify the username/password. I tried using the directive "encrypt passwords = no", but then neither the Amiga nor the NeXTstation can connect, with the error: "FAILED with error NT_STATUS_LOGON_FAILURE". >> >> I don't understand why, by forcing unencrypted passwords, the server cannot find the username/password (anymore). I must be missing to allow the Samba server to work with unencrypted password. Could anyone help? >> >> Thanks in advance! >> Tygre >> >> PS. I do know that unencrypted passwords are unsecure and a bad idea but, right now, I'd like both my Amiga and NeXTstation to connect, before "hardening" the server. >> PPS. I join my "smb.conf", working with the Amiga (not the NeXTstation) and the log when trying to connect from the NeXTstation. > > You would be best to just use guest access and IP restrictions, but if you want a password it will be checking it against PAM, not the smbpasswd file. > > > Andrew Bartlett > > > -- > > Andrew Bartlett (he/him) https://samba.org/~abartlet/ <https://samba.org/~abartlet/> > Samba Team Member (since 2001) https://samba.org <https://samba.org> > Samba Team Lead https://catalyst.net.nz/services/samba <https://catalyst.net.nz/services/samba> > Catalyst.Net Ltd > > Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group company > > Samba Development and Support: https://catalyst.net.nz/services/samba <https://catalyst.net.nz/services/samba> > > Catalyst IT - Expert Open Source Solutions > >-- ----------------------------------------- Scientific Progress Goes Boing! http://www.chingu.asia/wiki -----------------------------------------
Possibly Parallel Threads
- Cannot Get Samba to Work Without Encrypted Password with Legacy Client
- Cannot Get Samba to Work Without Encrypted Password with Legacy Client
- Cannot Get Samba to Work Without Encrypted Password with Legacy Client
- Cannot Get Samba to Work Without Encrypted Password with Legacy Client
- Samba Share with user and no password