samba - Jun 2017 - XP error code 1326 on share (but smbclient works)

Hi all,
  I am new to this list and I am not an expert, so please be patient
with me :-)

I am trying to make a samba share working, between a samba standalone
server v.4.5.10 (Fedora 25) and a winXP SP3 client.

The share should be writable by an authenticated user.

The share used to work fine in the past, but upgrading to 4.5.10
(presumably from 4.4.14, on Fedora 24) broke something.

At the moment I am trying some simple configuration as:

# cat /etc/samba/smb.conf
[global]
        workgroup = WORKGROUP
        log file = /var/log/samba/%m
        log level = 3

[demo]
        # This share requires authentication to access
        path = /tmp/samba/demo/
        read only = no
        guest ok = no
----------------------------------
I have followed
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server to add
a test user to my system and to samba (username demoUser and same password on
both).

The linux client test (invoked from the server itself) works:

$ smbclient -U demoUser //SERVER_IP_ADDRESS/demo
Enter demoUser's password: 
Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.5.10]
smb: \> ls
  .                                   D        0  Fri Jun  9 17:55:57 2017
  ..                                  D        0  Fri Jun  9 17:37:07 2017
  demo.txt                            N        8  Fri Jun  9 17:55:57 2017

		12297452 blocks of size 1024. 12296844 blocks available
smb: \> quit
----------------------------------

...but the test from winXP fails:
C:\Documents and Settings\demoUser>net use \\SERVER_IP_ADDRESS\demo
/user:demoUser
Invalid username or password for \\SERVER_IP_ADDRESS\demo.

Enter the password for 'demoUser' to connect to
'SERVER_IP_ADDRESS':
Enter the password for 'demoUser' to connect to
'SERVER_IP_ADDRESS':
System error 1326.

Error during access: unknown username or invalid password.

(Note that some translations are mine from Italian to English and could not be
perfectly correct).
(Note that it asks me two times for the password, is this normal?)
-------------------------------------------------------------------

I was about to think about some network related problems, but it used to work
before the upgrade and the network config is not changed in the meantime, as far
as I know.

I get two logs (why? I would expect one, instead of two different logs... maybe
this is the point I don't understand): one's name is the client ip
address, the second's name is the Win computer name.

I attach part of the logs (which seems relevant to me), let me know if I have to
provide the complete one or use a higher debug level.

Linux firewall is disabled.
Linux SE Policy is disabled.
Win antivirus is disabled.

I have found something similar on the list:
https://lists.samba.org/archive/samba/2005-September/110693.html
...but didn't help me.

Can anybody please help me, even by simply giving me some hints to point me in
the right direction to do a deeper investigation?

Thank you very, very much in advance,
best regards

Andrea
-------------- next part --------------
"IP" named log contains:
  check_ntlm_password:  Checking password for unmapped user
[]\[]@[WIN_COMPUTER_NAME] with the new password interface
[2017/06/09 19:05:55.578269,  3]
../source3/auth/auth.c:181(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is:
[LINUX_COMPUTER_NAME]\[]@[WIN_COMPUTER_NAME]
[2017/06/09 19:05:55.578277,  3]
../source3/auth/auth.c:249(auth_check_ntlm_password)
  check_ntlm_password: guest authentication for user [] succeeded
----------------------------------------------------------------------

"WIN_COMPUTER_NAME" named log contains:
[2017/06/09 19:10:02.289429,  3]
../source3/auth/auth.c:178(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user
[]\[]@[WIN_COMPUTER_NAME] with the new password interface
[2017/06/09 19:10:02.289435,  3]
../source3/auth/auth.c:181(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is:
[LINUX_COMPUTER_NAME]\[]@[WIN_COMPUTER_NAME]
[2017/06/09 19:10:02.289444,  3]
../source3/auth/auth.c:249(auth_check_ntlm_password)
  check_ntlm_password: guest authentication for user [] succeeded
[...]
[2017/06/09 19:10:02.290372,  3] ../source3/lib/access.c:338(allow_access)
  Allowed connection from win_computer_name (WIN_IP_ADDRESS)
[2017/06/09 19:10:02.290402,  3]
../source3/smbd/service.c:576(make_connection_snum)
  Connect path is '/tmp' for service [IPC$]
[...]
[2017/06/09 19:10:02.290482,  3]
../source3/smbd/service.c:822(make_connection_snum)
  win_computer_name (ipv4:WIN_IP_ADDRESS:1450) connect to service IPC$ initially
as user nobody (uid=99, gid=99) (pid 29891)
[2017/06/09 19:10:02.290507,  3] ../source3/smbd/reply.c:1139(reply_tcon_and_X)
  tconX service=IPC$ 
[2017/06/09 19:10:02.291258,  3] ../source3/smbd/msdfs.c:1010(get_referred_path)
  get_referred_path: |demo| in dfs path \SERVER_IP_ADDRESS\demo is not a dfs
root.
[2017/06/09 19:10:02.291269,  3] ../source3/smbd/error.c:82(error_packet_set)
  NT error packet at ../source3/smbd/trans2.c(9155) cmd=50 (SMBtrans2)
NT_STATUS_NOT_FOUND
[...]
[2017/06/09 19:10:02.292653,  3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xa2088207
[...]
  Got user=[demoUser] domain=[WIN_COMPUTER_NAME] workstation=[WIN_COMPUTER_NAME]
len1=24 len2=24
[...]
[2017/06/09 19:10:02.294093,  3]
../source3/auth/auth.c:178(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user
[WIN_COMPUTER_NAME]\[demoUser]@[WIN_COMPUTER_NAME] with the new password
interface
[2017/06/09 19:10:02.294115,  3]
../source3/auth/auth.c:181(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is:
[LINUX_COMPUTER_NAME]\[demoUser]@[WIN_COMPUTER_NAME]
[2017/06/09 19:10:02.294297,  3]
../source3/passdb/lookup_sid.c:1645(get_primary_group_sid)
  Forcing Primary Group to 'Domain Users' for demoUser
[2017/06/09 19:10:02.294333,  2]
../libcli/auth/ntlm_check.c:424(ntlm_password_check)
  ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user demoUser
[2017/06/09 19:10:02.294341,  3]
../libcli/auth/ntlm_check.c:431(ntlm_password_check)
  ntlm_password_check: NEITHER LanMan nor NT password supplied for user demoUser
[2017/06/09 19:10:02.294411,  2]
../source3/auth/auth.c:315(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [demoUser] -> [demoUser]
FAILED with error NT_STATUS_WRONG_PASSWORD
[2017/06/09 19:10:02.294422,  2]
../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg)
  SPNEGO login failed: NT_STATUS_WRONG_PASSWORD
[2017/06/09 19:10:02.294444,  3] ../source3/smbd/error.c:82(error_packet_set)
  NT error packet at ../source3/smbd/sesssetup.c(277) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[...]
[2017/06/09 19:10:13.201964,  3]
../source3/smbd/server_exit.c:246(exit_server_common)
  Server exit (failed to receive smb request)

On Fri, 09 Jun 2017 19:35:08 +0200
Andrea Vai via samba <samba at lists.samba.org> wrote:
> Hi all,
>   I am new to this list and I am not an expert, so please be patient
> with me :-)
> 
> I am trying to make a samba share working, between a samba standalone
> server v.4.5.10 (Fedora 25) and a winXP SP3 client.
> 
> The share should be writable by an authenticated user.
> 
> The share used to work fine in the past, but upgrading to 4.5.10
> (presumably from 4.4.14, on Fedora 24) broke something.
> 
> At the moment I am trying some simple configuration as:
> 
> # cat /etc/samba/smb.conf
> [global]
>         workgroup = WORKGROUP
>         log file = /var/log/samba/%m
>         log level = 3
> 
> [demo]
>         # This share requires authentication to access
>         path = /tmp/samba/demo/
>         read only = no
>         guest ok = no
> ----------------------------------
> I have followed
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server
> to add a test user to my system and to samba (username demoUser and
> same password on both).
> 
> The linux client test (invoked from the server itself) works:
> 
> $ smbclient -U demoUser //SERVER_IP_ADDRESS/demo
> Enter demoUser's password: 
> Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.5.10]
> smb: \> ls
>   .                                   D        0  Fri Jun  9 17:55:57
> 2017 ..                                  D        0  Fri Jun  9
> 17:37:07 2017 demo.txt                            N        8  Fri
> Jun  9 17:55:57 2017
> 
> 		12297452 blocks of size 1024. 12296844 blocks
> available smb: \> quit
> ----------------------------------
> 
> ...but the test from winXP fails:
> C:\Documents and Settings\demoUser>net use
> \\SERVER_IP_ADDRESS\demo /user:demoUser Invalid username or password
> for \\SERVER_IP_ADDRESS\demo.
> 
> Enter the password for 'demoUser' to connect to
'SERVER_IP_ADDRESS':
> Enter the password for 'demoUser' to connect to
'SERVER_IP_ADDRESS':
> System error 1326.
> 
> Error during access: unknown username or invalid password.
> 
> (Note that some translations are mine from Italian to English and
> could not be perfectly correct). (Note that it asks me two times for
> the password, is this normal?)
> -------------------------------------------------------------------
> 
> I was about to think about some network related problems, but it used
> to work before the upgrade and the network config is not changed in
> the meantime, as far as I know.
> 
> I get two logs (why? I would expect one, instead of two different
> logs... maybe this is the point I don't understand): one's name is
> the client ip address, the second's name is the Win computer name.
> 
> I attach part of the logs (which seems relevant to me), let me know
> if I have to provide the complete one or use a higher debug level.
> 
> Linux firewall is disabled.
> Linux SE Policy is disabled.
> Win antivirus is disabled.
> 
> I have found something similar on the list:
> https://lists.samba.org/archive/samba/2005-September/110693.html
> ...but didn't help me.
> 
> Can anybody please help me, even by simply giving me some hints to
> point me in the right direction to do a deeper investigation?
> 
> Thank you very, very much in advance,
> best regards
> 
> Andrea
Try adding 'ntlm auth = yes' to smb.conf and restart Samba.
It was changed from 'yes' to 'no' with 4.5.0

Rowland

Am 09.06.2017 um 19:55 schrieb Rowland Penny via samba:
>> Can anybody please help me, even by simply giving me some hints to
>> point me in the right direction to do a deeper investigation?
>>
>> Thank you very, very much in advance,
>> best regards
> 
> Try adding 'ntlm auth = yes' to smb.conf and restart Samba.
> It was changed from 'yes' to 'no' with 4.5.0
don't sacrifice server configs for clients which should not exist at all
https://www.imss.caltech.edu/node/396

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"lmcompatibilitylevel"=dword:00000005
___________________________

winxp is fine after that with this settings

  lm announce = no
  lanman auth = no
  ntlm auth = no
  client lanman auth = no
  client ntlmv2 auth = yes