Andrea Vai
2017-Jun-09 17:35 UTC
[Samba] XP error code 1326 on share (but smbclient works)
Hi all, I am new to this list and I am not an expert, so please be patient with me :-) I am trying to make a samba share working, between a samba standalone server v.4.5.10 (Fedora 25) and a winXP SP3 client. The share should be writable by an authenticated user. The share used to work fine in the past, but upgrading to 4.5.10 (presumably from 4.4.14, on Fedora 24) broke something. At the moment I am trying some simple configuration as: # cat /etc/samba/smb.conf [global] workgroup = WORKGROUP log file = /var/log/samba/%m log level = 3 [demo] # This share requires authentication to access path = /tmp/samba/demo/ read only = no guest ok = no ---------------------------------- I have followed https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server to add a test user to my system and to samba (username demoUser and same password on both). The linux client test (invoked from the server itself) works: $ smbclient -U demoUser //SERVER_IP_ADDRESS/demo Enter demoUser's password: Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.5.10] smb: \> ls . D 0 Fri Jun 9 17:55:57 2017 .. D 0 Fri Jun 9 17:37:07 2017 demo.txt N 8 Fri Jun 9 17:55:57 2017 12297452 blocks of size 1024. 12296844 blocks available smb: \> quit ---------------------------------- ...but the test from winXP fails: C:\Documents and Settings\demoUser>net use \\SERVER_IP_ADDRESS\demo /user:demoUser Invalid username or password for \\SERVER_IP_ADDRESS\demo. Enter the password for 'demoUser' to connect to 'SERVER_IP_ADDRESS': Enter the password for 'demoUser' to connect to 'SERVER_IP_ADDRESS': System error 1326. Error during access: unknown username or invalid password. (Note that some translations are mine from Italian to English and could not be perfectly correct). (Note that it asks me two times for the password, is this normal?) ------------------------------------------------------------------- I was about to think about some network related problems, but it used to work before the upgrade and the network config is not changed in the meantime, as far as I know. I get two logs (why? I would expect one, instead of two different logs... maybe this is the point I don't understand): one's name is the client ip address, the second's name is the Win computer name. I attach part of the logs (which seems relevant to me), let me know if I have to provide the complete one or use a higher debug level. Linux firewall is disabled. Linux SE Policy is disabled. Win antivirus is disabled. I have found something similar on the list: https://lists.samba.org/archive/samba/2005-September/110693.html ...but didn't help me. Can anybody please help me, even by simply giving me some hints to point me in the right direction to do a deeper investigation? Thank you very, very much in advance, best regards Andrea -------------- next part -------------- "IP" named log contains: check_ntlm_password: Checking password for unmapped user []\[]@[WIN_COMPUTER_NAME] with the new password interface [2017/06/09 19:05:55.578269, 3] ../source3/auth/auth.c:181(auth_check_ntlm_password) check_ntlm_password: mapped user is: [LINUX_COMPUTER_NAME]\[]@[WIN_COMPUTER_NAME] [2017/06/09 19:05:55.578277, 3] ../source3/auth/auth.c:249(auth_check_ntlm_password) check_ntlm_password: guest authentication for user [] succeeded ---------------------------------------------------------------------- "WIN_COMPUTER_NAME" named log contains: [2017/06/09 19:10:02.289429, 3] ../source3/auth/auth.c:178(auth_check_ntlm_password) check_ntlm_password: Checking password for unmapped user []\[]@[WIN_COMPUTER_NAME] with the new password interface [2017/06/09 19:10:02.289435, 3] ../source3/auth/auth.c:181(auth_check_ntlm_password) check_ntlm_password: mapped user is: [LINUX_COMPUTER_NAME]\[]@[WIN_COMPUTER_NAME] [2017/06/09 19:10:02.289444, 3] ../source3/auth/auth.c:249(auth_check_ntlm_password) check_ntlm_password: guest authentication for user [] succeeded [...] [2017/06/09 19:10:02.290372, 3] ../source3/lib/access.c:338(allow_access) Allowed connection from win_computer_name (WIN_IP_ADDRESS) [2017/06/09 19:10:02.290402, 3] ../source3/smbd/service.c:576(make_connection_snum) Connect path is '/tmp' for service [IPC$] [...] [2017/06/09 19:10:02.290482, 3] ../source3/smbd/service.c:822(make_connection_snum) win_computer_name (ipv4:WIN_IP_ADDRESS:1450) connect to service IPC$ initially as user nobody (uid=99, gid=99) (pid 29891) [2017/06/09 19:10:02.290507, 3] ../source3/smbd/reply.c:1139(reply_tcon_and_X) tconX service=IPC$ [2017/06/09 19:10:02.291258, 3] ../source3/smbd/msdfs.c:1010(get_referred_path) get_referred_path: |demo| in dfs path \SERVER_IP_ADDRESS\demo is not a dfs root. [2017/06/09 19:10:02.291269, 3] ../source3/smbd/error.c:82(error_packet_set) NT error packet at ../source3/smbd/trans2.c(9155) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND [...] [2017/06/09 19:10:02.292653, 3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xa2088207 [...] Got user=[demoUser] domain=[WIN_COMPUTER_NAME] workstation=[WIN_COMPUTER_NAME] len1=24 len2=24 [...] [2017/06/09 19:10:02.294093, 3] ../source3/auth/auth.c:178(auth_check_ntlm_password) check_ntlm_password: Checking password for unmapped user [WIN_COMPUTER_NAME]\[demoUser]@[WIN_COMPUTER_NAME] with the new password interface [2017/06/09 19:10:02.294115, 3] ../source3/auth/auth.c:181(auth_check_ntlm_password) check_ntlm_password: mapped user is: [LINUX_COMPUTER_NAME]\[demoUser]@[WIN_COMPUTER_NAME] [2017/06/09 19:10:02.294297, 3] ../source3/passdb/lookup_sid.c:1645(get_primary_group_sid) Forcing Primary Group to 'Domain Users' for demoUser [2017/06/09 19:10:02.294333, 2] ../libcli/auth/ntlm_check.c:424(ntlm_password_check) ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user demoUser [2017/06/09 19:10:02.294341, 3] ../libcli/auth/ntlm_check.c:431(ntlm_password_check) ntlm_password_check: NEITHER LanMan nor NT password supplied for user demoUser [2017/06/09 19:10:02.294411, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password) check_ntlm_password: Authentication for user [demoUser] -> [demoUser] FAILED with error NT_STATUS_WRONG_PASSWORD [2017/06/09 19:10:02.294422, 2] ../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg) SPNEGO login failed: NT_STATUS_WRONG_PASSWORD [2017/06/09 19:10:02.294444, 3] ../source3/smbd/error.c:82(error_packet_set) NT error packet at ../source3/smbd/sesssetup.c(277) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [...] [2017/06/09 19:10:13.201964, 3] ../source3/smbd/server_exit.c:246(exit_server_common) Server exit (failed to receive smb request)
Rowland Penny
2017-Jun-09 17:55 UTC
[Samba] XP error code 1326 on share (but smbclient works)
On Fri, 09 Jun 2017 19:35:08 +0200 Andrea Vai via samba <samba at lists.samba.org> wrote:> Hi all, > I am new to this list and I am not an expert, so please be patient > with me :-) > > I am trying to make a samba share working, between a samba standalone > server v.4.5.10 (Fedora 25) and a winXP SP3 client. > > The share should be writable by an authenticated user. > > The share used to work fine in the past, but upgrading to 4.5.10 > (presumably from 4.4.14, on Fedora 24) broke something. > > At the moment I am trying some simple configuration as: > > # cat /etc/samba/smb.conf > [global] > workgroup = WORKGROUP > log file = /var/log/samba/%m > log level = 3 > > [demo] > # This share requires authentication to access > path = /tmp/samba/demo/ > read only = no > guest ok = no > ---------------------------------- > I have followed > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server > to add a test user to my system and to samba (username demoUser and > same password on both). > > The linux client test (invoked from the server itself) works: > > $ smbclient -U demoUser //SERVER_IP_ADDRESS/demo > Enter demoUser's password: > Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.5.10] > smb: \> ls > . D 0 Fri Jun 9 17:55:57 > 2017 .. D 0 Fri Jun 9 > 17:37:07 2017 demo.txt N 8 Fri > Jun 9 17:55:57 2017 > > 12297452 blocks of size 1024. 12296844 blocks > available smb: \> quit > ---------------------------------- > > ...but the test from winXP fails: > C:\Documents and Settings\demoUser>net use > \\SERVER_IP_ADDRESS\demo /user:demoUser Invalid username or password > for \\SERVER_IP_ADDRESS\demo. > > Enter the password for 'demoUser' to connect to 'SERVER_IP_ADDRESS': > Enter the password for 'demoUser' to connect to 'SERVER_IP_ADDRESS': > System error 1326. > > Error during access: unknown username or invalid password. > > (Note that some translations are mine from Italian to English and > could not be perfectly correct). (Note that it asks me two times for > the password, is this normal?) > ------------------------------------------------------------------- > > I was about to think about some network related problems, but it used > to work before the upgrade and the network config is not changed in > the meantime, as far as I know. > > I get two logs (why? I would expect one, instead of two different > logs... maybe this is the point I don't understand): one's name is > the client ip address, the second's name is the Win computer name. > > I attach part of the logs (which seems relevant to me), let me know > if I have to provide the complete one or use a higher debug level. > > Linux firewall is disabled. > Linux SE Policy is disabled. > Win antivirus is disabled. > > I have found something similar on the list: > https://lists.samba.org/archive/samba/2005-September/110693.html > ...but didn't help me. > > Can anybody please help me, even by simply giving me some hints to > point me in the right direction to do a deeper investigation? > > Thank you very, very much in advance, > best regards > > AndreaTry adding 'ntlm auth = yes' to smb.conf and restart Samba. It was changed from 'yes' to 'no' with 4.5.0 Rowland
Reindl Harald
2017-Jun-11 02:06 UTC
[Samba] XP error code 1326 on share (but smbclient works)
Am 09.06.2017 um 19:55 schrieb Rowland Penny via samba:>> Can anybody please help me, even by simply giving me some hints to >> point me in the right direction to do a deeper investigation? >> >> Thank you very, very much in advance, >> best regards > > Try adding 'ntlm auth = yes' to smb.conf and restart Samba. > It was changed from 'yes' to 'no' with 4.5.0don't sacrifice server configs for clients which should not exist at all https://www.imss.caltech.edu/node/396 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "lmcompatibilitylevel"=dword:00000005 ___________________________ winxp is fine after that with this settings lm announce = no lanman auth = no ntlm auth = no client lanman auth = no client ntlmv2 auth = yes
Maybe Matching Threads
- XP error code 1326 on share (but smbclient works)
- Unable_to_migrate_shares_from_AD_to_file_server
- Samba after upgrade+migration, Win7 workstation trusts lost
- NTLM refuses to work on a DC
- samba bad password count reset between logins (not loaded from login_cache.tdb)