I have some old boxes called Auditron that use an ancient version of Windows CE. These clients worked fine on Fedora 19 with Samba 3. I have now upgraded to Fedora 22 and Samba 4, and now these old boxes no longer connect. This is the config file I am using that was working fine: # Global parameters [global] netbios name = MEDIA server string = %v Samba on %h interfaces = 172.16.2.3/255.255.255.0 bind interfaces only = Yes security = USER map to guest = Bad User private dir = /opt/samba-media/private passdb backend = tdbsam:/opt/samba-media/private/passdb.tdb lanman auth = Yes max log size = 100000 write raw = No unix extensions = No deadtime = 1 keepalive = 30 load printers = No wins support = Yes lock directory = /opt/samba-media/var/locks state directory = /opt/samba-media/var/locks/state cache directory = /opt/samba-media/var/locks/cache pid directory = /opt/samba-media/var/locks ncalrpc dir = /opt/samba-media/ncalrpc winbindd socket directory = /opt/samba-media/var/winbindd winbindd privileged socket directory = /opt/samba-media/var/winbindd_privileged idmap config * : backend = tdb use client driver = Yes case sensitive = No [audio] comment = Audio path = /export/home2/media/audio force user = media force group = users group = users create mask = 0775 force create mode = 0664 force directory mode = 0664 guest ok = Yes wide links = Yes log file: [2016/04/15 21:22:00.380811, 3] ../libcli/auth/ntlm_check.c:443(ntlm_password_check) ntlm_password_check: Lanman passwords NOT PERMITTED for user atron [2016/04/15 21:22:00.380816, 4] ../libcli/auth/ntlm_check.c:480(ntlm_password_check) ntlm_password_check: Checking LMv2 password with domain [2016/04/15 21:22:00.380828, 4] ../libcli/auth/ntlm_check.c:509(ntlm_password_check) ntlm_password_check: Checking LMv2 password with upper-cased version of domain [2016/04/15 21:22:00.380834, 4] ../libcli/auth/ntlm_check.c:537(ntlm_password_check) ntlm_password_check: Checking LMv2 password without a domain [2016/04/15 21:22:00.380840, 4] ../libcli/auth/ntlm_check.c:568(ntlm_password_check) ntlm_password_check: Checking NT MD4 password in LM field [2016/04/15 21:22:00.380861, 3] ../libcli/auth/ntlm_check.c:587(ntlm_password_check) ntlm_password_check: LM password, NT MD4 password in LM field and LMv2 failed for user atron Did Samba 4 drop all support for lanman authorization? Googling the error messages, the supposed solution is to add lanman auth = yes and restart, but I already have that. The user is in the smbpasswd file. Thanks for any help
On Fri, 2016-04-15 at 22:02 -0500, Samba user wrote:> I have some old boxes called Auditron that use an ancient version of > Windows CE. These clients worked fine on Fedora 19 with Samba 3. > > I have now upgraded to Fedora 22 and Samba 4, and now these old boxes > no > longer connect.> log file: > [2016/04/15 21:22:00.380811, 3] > ../libcli/auth/ntlm_check.c:443(ntlm_password_check) > ntlm_password_check: Lanman passwords NOT PERMITTED for user atron > [2016/04/15 21:22:00.380816, 4]> > Did Samba 4 drop all support for lanman authorization? > > Googling the error messages, the supposed solution is to add lanman > auth > = yes and restart, but I already have that. The user is in the > smbpasswd file.Yes, but do they have an LM password stored? We don't store them if lanman auth is disabled, so you have to set the password again to store the weaker hash. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Possibly Parallel Threads
- SAMBA Interdomain Trust relationships
- samba bad password count reset between logins (not loaded from login_cache.tdb)
- samba bad password count reset between logins (not loaded from login_cache.tdb)
- Password trouble with LDAP (eDirectory)
- samba bad password count reset between logins (not loaded from login_cache.tdb)