similar to: Stumbling blocks moving to NTLMv2

I tested NTLMv2 again using the newly created Samba 3.0.2 (I didn't test 3.0.1). It still doesn't seem to work. Has anyone successfully made NTLMv2 work? If so, can I have a working sample of the smb.conf file? I have included below entries in my smb.conf (among other entries): security = server password server = NTDomainController client ntlmv2 auth = yes On both NTDomainController and

Hi all, In my win2k ADS server(mixed mode), I have set the LAN Manager authentication level to Send NTLMv2 response only\refuse LM & NTLM. In the registry, i also set HKLM\System\CurrentControlSet\Control\Lsa|lmcompatibilitylevel --> level 5 (accepts only NTLMv2). Similarly, i also set HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0\NtlmMinClientSec --> 0x00080000(NTLMv2 Session

Hi: I have Samba 3.0.2a running on Fedora Core 1. This server is set to be Domain PDC and I am looking to have clients attach to it NTLMv2 only. After looking over the man page for smb.conf, I have set the two options that I thought would accomplish: [Global] lanman auth = no ntlm auth = no On the workstation side, I have set HKLM\SYSTEM\CurrentControlSet\Control\Lsa\lmcompatibilitylevel

Hello experts/users, We have a samba server in ubuntu 18.04 LTS with version. apt-cache policy samba samba: Installed: 2:4.7.6+dfsg~ubuntu-0ubuntu2.16 Candidate: 2:4.7.6+dfsg~ubuntu-0ubuntu2.16 All is fine and great. Except one (internet disabled) windows 7 professional PC (sorry we still need to run it for a scientific tool) cannot connect unless I put "ntlm auth = yes" in

Hello. I've just compiled Samba-3.0.0 on Tru-64 5.1b (AKA Digital Unix, AKA OSF) with base security (no shadow passwords) using the native compiler and GNU make. In smb.conf I'm forcing NTLMv2 only: security = user encrypt passwords = yes lanman auth = No ntlm auth = No client NTLMv2 auth = Yes client lanman auth = No

Hi, I'm wondering if samba supports NTLMv2, particullary NTLMv2 session security. But I can't even get NTLM-only to work :(. I'm trying to increase lmcompatibilitylevel, but I can't connect to the samba server anymore when I set it to 2 or higher ("Send NTLM authenication only"). I'm using HEAD CVS of today, and my smb.conf looks like this: [global]

Hi, I'm running Samba 3.5.6 with OpenLDAP 2.4.23 (from Debian Squeeze) as PDC. Everything is working fine (Joining Domains, Log on Users) but I'm not able to Log in as Domain Admin. If I try to, the message "Unable to log on ?The User Profile Service service failed the logon. User profile cannot be loaded." (in german: "Fehler bei der Anmeldung mit dem

I discovered the situation. When attempting to logon from Windows 2008R2 to Samba4 is made we can see in Samba smbd log the following important for understanding the situation lines: [2017/11/20 13:25:52.040094, 2, pid=7100, effective(0, 0), real(0, 0)] ../libcli/auth/ntlm_check.c:430(ntlm_password_check) ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user <username> [2017/11/20

Thanks all for helping with this and for script Still no luck though. I've modified scripts as they had some bugs, my output and modified version at the end. As I mentioned, I don't have any issues with joining samba 4.1 or 4.2 in the lab, only on that site. >> if so, try the following. >> in resolv.conf, add >> search mynat.myco.bcu myco.bcu I haven't tried

Am 09.06.2017 um 19:55 schrieb Rowland Penny via samba: >> Can anybody please help me, even by simply giving me some hints to >> point me in the right direction to do a deeper investigation? >> >> Thank you very, very much in advance, >> best regards > > Try adding 'ntlm auth = yes' to smb.conf and restart Samba. > It was changed from 'yes'

Thanks Andrew for the answer. But even if I enable Windows XP to use NTLMv2 (using Regedit on (HKEY_LOCAL_MACHINE/SYSTEM/CURRENTCONTROLSET/CONTROL/LSA LMCOMPATIBILITYLEVEL to 5) and adding "ntlm auth = ntlmv1-permitted" to my smb.conf Still the same error. (No *more connections can* be *made* to this remote computer at this time) in versions higher than 4.10. Any ideas? Best Regards

On Tue, 16 Jun 2020, Rowland penny via samba wrote: > On 16/06/2020 12:41, Harald Hannelius via samba wrote: >> I have Samba AD-domain with two fileservers and two Samba DS-servers. Most >> people can authenticate OK, but one user always gets "wrong password". > What versions of Samba ? All servers are 4.9.5-Debian. >> Auth: [SMB2,(null)] user [SAD]\[username]

On 08/06/15 13:08, L.P.H. van Belle wrote: > Hai, > > After reading all below i can only conclude this must be firewalling, as Rowland is saying also. > > check if all of these ports are acceccable for the server your trying to join. > > tcp 0 0 192.168.X.1:1024 0.0.0.0:* LISTEN 2146/samba > tcp 0 0 192.168.X.1:135 0.0.0.0:*

Thanks Rowland. I understand smb.conf is bit messy and can affect performance but it should not prevent me from joining domain. Here you go: [global] workgroup = MYNAT realm = MYNAT.MYCO.BCU server string = My server %h security = ADS password server = dc1001.mynat.myco.bcu map to guest = Bad User obey pam restrictions = Yes pam

On 03/06/15 22:04, ivenhov wrote: > Thanks Rowland. > I understand smb.conf is bit messy and can affect performance but it should > not prevent me from joining domain. > > Here you go: > > [global] > workgroup = MYNAT > realm = MYNAT.MYCO.BCU > server string = My server %h > security = ADS > password server =

Hai, After reading all below i can only conclude this must be firewalling, as Rowland is saying also. check if all of these ports are acceccable for the server your trying to join. tcp 0 0 192.168.X.1:1024 0.0.0.0:* LISTEN 2146/samba tcp 0 0 192.168.X.1:135 0.0.0.0:* LISTEN 2146/samba tcp 0 0 192.168.X.1:139

I reproduced error WERR_DEFAULT_JOIN_REQUIRED in two scenarios: - user account that is used to join machine to domain is not part of Domain Admin group. - OU path for computer (specified in createcomputer) is invalid In both of those cases I'm getting detailed error messages: 'insufficient access' and 'invalid path' respectively but on customer site I'm always getting:

On 03/06/15 21:29, ivenhov wrote: > I reproduced error WERR_DEFAULT_JOIN_REQUIRED in two scenarios: > - user account that is used to join machine to domain is not part of Domain > Admin group. > - OU path for computer (specified in createcomputer) is invalid > > In both of those cases I'm getting detailed error messages: 'insufficient > access' and 'invalid

I've made all changes to 3 files you mentioned, also removed everything except localhost in hosts file. SO I have minimal smb.conf and minimal krb5 file Unfortunately error is still the same. If I try to join with full OU path I get kerberos_kinit_password testuser at MYNAT.MYCO.BCU failed: Cannot contact any KDC for requested realm libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx

Hi all, I'm running Samba 4.1.6 with Ubuntu 14.04.1 LTS on a Power 8 box. Here is my smb.conf file: [global] client lanman auth = yes client ntlmv2 auth = no lanman auth = yes netbios name = myName map untrusted to domain = yes log level = 3 [myshare] path = /home/myuser/myshare available = yes valid users = myuser read only = no browseable = yes public = yes writable = yes When I try to