Hi, When I upgraded from Fedora 22 to Fedora 25 my Win10 box lost the ability to connect to shares on the F25 box. The F25 box can still access shares on the Win10 box. F25 is currently running Samba 4.5.13 and I have a simple workgroup setup. Let's call the Win10 box 'fred' and the F25 box 'ethel'. When fred tries to access a share on ethel, I am prompted for username and password. I enter 'daw' and the password and am re-prompted for username and password. Username 'daw' is in the Samba password file and the password is verified to be the one I entered on fred. I've been testing with firewalls on both boxes disabled. Running Wireshark on ethel, I see that fred is actually sending "fred\daw" as the username. Is this the problem, and if so, how can I fix it? Regards, D Wyatt --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
Hi, Am 18.09.2017 um 05:31 schrieb Doug Wyatt via samba:> When I upgraded from Fedora 22 to Fedora 25 my Win10 box lost the > ability to connect to shares on the F25 box. The F25 box can still > access shares on the Win10 box. > > F25 is currently running Samba 4.5.13 and I have a simple workgroup > setup. Let's call the Win10 box 'fred' and the F25 box 'ethel'. > > Is this the problem, and if so, how can I fix it?* What was the Samba version you are were updating from? Have you read the changelogs of the releases between? Things that affects your setup may have changed. https://wiki.samba.org/index.php/Updating_Samba#The_Update_Process * Is the Samba user database still stored in the path where the new Samba version expects it? * Please let us see your smb.conf. * What does the log file say, why access is denied. Increase the log level, if necessary. https://wiki.samba.org/index.php/Configuring_Logging_on_a_Samba_Server#Setting_a_Universal_Log_Level Regards, Marc
On 9/18/2017 12:51 AM, Marc Muehlfeld via samba wrote:> Hi, > > Am 18.09.2017 um 05:31 schrieb Doug Wyatt via samba: >> When I upgraded from Fedora 22 to Fedora 25 my Win10 box lost the >> ability to connect to shares on the F25 box. The F25 box can still >> access shares on the Win10 box. >> >> F25 is currently running Samba 4.5.13 and I have a simple workgroup >> setup. Let's call the Win10 box 'fred' and the F25 box 'ethel'. >> >> Is this the problem, and if so, how can I fix it? > > * What was the Samba version you are were updating from? Have you read > the changelogs of the releases between? Things that affects your setup > may have changed. > > https://wiki.samba.org/index.php/Updating_Samba#The_Update_Process > > * Is the Samba user database still stored in the path where the new > Samba version expects it? > > * Please let us see your smb.conf. > > * What does the log file say, why access is denied. Increase the log > level, if necessary. > > > https://wiki.samba.org/index.php/Configuring_Logging_on_a_Samba_Server#Setting_a_Universal_Log_Level > > > Regards, > Marc > >Thanks for your response. I believe the Samba version in Fedora 22 was 4.2. I haven't had time to review change logs, yet. The user database has been recreated from scratch using pdbedit, so I assume it is appropriate at /var/lib/samba/private/passdb.tdb. Also, I just deleted the entry for user "daw" and recreated it to ensure that the password is correct. A current version of my smb.conf can be viewed at: <https://da.gd/YdmZy> The last few lines from the log file with the log levels shown in the smb.conf ... [2017/09/19 04:34:09.265498, 10, pid=29062, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-1262923615-2689791783-523174309-1003 from rid 1003 [2017/09/19 04:34:09.265546, 5, pid=29062, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_tdb.c:813(tdb_update_samacct_only) Storing account daw with RID 1003 [2017/09/19 04:34:09.265574, 10, pid=29062, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_tdb.c:947(tdb_update_sam) tdb_update_sam: Updating key for RID 1003 [2017/09/19 04:34:09.265608, 5, pid=29062, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:252(auth_check_ntlm_password) check_ntlm_password: sam authentication for user [daw] FAILED with error NT_STATUS_WRONG_PASSWORD [2017/09/19 04:34:09.265644, 2, pid=29062, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:315(auth_check_ntlm_password) check_ntlm_password: Authentication for user [daw] -> [daw] FAILED with error NT_STATUS_WRONG_PASSWORD So, at lest I know the username is getting across correctly. Regards, Doug --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
On 9/19/2017 5:11 AM, Doug Wyatt via samba wrote:> > > On 9/18/2017 12:51 AM, Marc Muehlfeld via samba wrote: >> Hi, >> >> Am 18.09.2017 um 05:31 schrieb Doug Wyatt via samba: >>> When I upgraded from Fedora 22 to Fedora 25 my Win10 box lost the >>> ability to connect to shares on the F25 box. The F25 box can still >>> access shares on the Win10 box. >>> >>> F25 is currently running Samba 4.5.13 and I have a simple workgroup >>> setup. Let's call the Win10 box 'fred' and the F25 box 'ethel'. >>> >>> Is this the problem, and if so, how can I fix it? >> >> * What was the Samba version you are were updating from? Have you read >> the changelogs of the releases between? Things that affects your setup >> may have changed. >> >> https://wiki.samba.org/index.php/Updating_Samba#The_Update_Process >> >> * Is the Samba user database still stored in the path where the new >> Samba version expects it? >> >> * Please let us see your smb.conf. >> >> * What does the log file say, why access is denied. Increase the log >> level, if necessary. >> >> >> https://wiki.samba.org/index.php/Configuring_Logging_on_a_Samba_Server#Setting_a_Universal_Log_Level >> >> >> Regards, >> Marc >> >> > > Thanks for your response. > > I believe the Samba version in Fedora 22 was 4.2. I haven't had time to > review change logs, yet. > > The user database has been recreated from scratch using pdbedit, so I > assume it is appropriate at /var/lib/samba/private/passdb.tdb. Also, > I just deleted the entry for user "daw" and recreated it to ensure that > the password is correct. > > A current version of my smb.conf can be viewed at: > <https://da.gd/YdmZy> > > The last few lines from the log file with the log levels shown in the > smb.conf ... > > [2017/09/19 04:34:09.265498, 10, pid=29062, effective(0, 0), real(0, 0), > class=passdb] > ../source3/passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-1262923615-2689791783-523174309-1003 > from rid 1003 > [2017/09/19 04:34:09.265546, 5, pid=29062, effective(0, 0), real(0, 0), > class=passdb] ../source3/passdb/pdb_tdb.c:813(tdb_update_samacct_only) > Storing account daw with RID 1003 > [2017/09/19 04:34:09.265574, 10, pid=29062, effective(0, 0), real(0, 0), > class=passdb] ../source3/passdb/pdb_tdb.c:947(tdb_update_sam) > tdb_update_sam: Updating key for RID 1003 > [2017/09/19 04:34:09.265608, 5, pid=29062, effective(0, 0), real(0, 0), > class=auth] ../source3/auth/auth.c:252(auth_check_ntlm_password) > check_ntlm_password: sam authentication for user [daw] > FAILED with error NT_STATUS_WRONG_PASSWORD > [2017/09/19 04:34:09.265644, 2, pid=29062, effective(0, 0), real(0, 0), > class=auth] ../source3/auth/auth.c:315(auth_check_ntlm_password) > check_ntlm_password: Authentication for user [daw] -> [daw] > FAILED with error NT_STATUS_WRONG_PASSWORD > > So, at lest I know the username is getting across correctly. > > Regards, > Doug >Okay, I found a solution on a web forum ... Changing local policy on Windows 10 to only allow NTLMv2 for authentication. Change the value of { Local Policies->Security Options ->Network Security:AN Manager authentication level } to 'Send NTLMv2 response only. Refuse LM & NTLM' With that, Win10 connected to the shares on the F25 box with no fuss. Regards, Doug --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus