[Samba] Cannot Get Samba to Work Without Encrypted Password with Legacy Client

Tygre tygre.chingu at gmail.com
Sat Mar 9 20:45:59 UTC 2024 

PS. I forgot to add the version information: Version 4.9.5-Debian

On 2024-03-09 15:37, Tygre wrote:
> 
> 	Hi there,
> 
> 	Sorry to come back to that, I tried to follow the code at https://github.com/samba-team/samba/blob/master/source3/auth/auth.c#L214 (and below) but I still can't understand why one Samba client can connect, but the other can't.
> 
> 	I can't understand why, with one client, the code would go into "check_samsec.c:183" (and return "sam_account_ok") while, with the other client, the code would go immediately into "auth.c:251" (and fail to login).
> 
> 	Could you help me understand, which could maybe give me an idea on configuring Samba for both client to work?
> 
> 	Thanks in advance,
> 	Yann
> 
> PS. I'm running
> 
> *** CAN CONNECT:
> 
> [2024/03/09 15:16:09.376816, 10, pid=5930, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:237(auth_check_ntlm_password)
>     auth_check_ntlm_password: anonymous had nothing to say
> [2024/03/09 15:16:09.383493,  4, pid=5930, effective(0, 0), real(0, 0), class=auth] ../source3/auth/check_samsec.c:183(sam_account_ok)
>     sam_account_ok: Checking SMB password for user smbuser
> [2024/03/09 15:16:09.386622,  5, pid=5930, effective(0, 0), real(0, 0), class=auth] ../source3/auth/check_samsec.c:165(logon_hours_ok)
>     logon_hours_ok: user smbuser allowed to logon at this time (Sat Mar  9 20:16:09 2024
>     )
> [2024/03/09 15:16:09.393510,  5, pid=5930, effective(0, 0), real(0, 0), class=auth] ../source3/auth/server_info_sam.c:122(make_server_info_sam)
>     make_server_info_sam: made server info for user smbuser -> smbuser
> [2024/03/09 15:16:09.397225,  3, pid=5930, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:256(auth_check_ntlm_password)
>     auth_check_ntlm_password: sam_ignoredomain authentication for user [SMBUSER] succeeded
> 
> *** CANNOT CONNECT:
> 
> [2024/03/09 15:16:15.178909, 10, pid=5931, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:237(auth_check_ntlm_password)
>     auth_check_ntlm_password: anonymous had nothing to say
> [2024/03/09 15:16:15.187847,  5, pid=5931, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:251(auth_check_ntlm_password)
>     auth_check_ntlm_password: sam_ignoredomain authentication for user [SMBUSER] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
> 
> On 2024-03-04 20:24, Andrew Bartlett wrote:
>> On Mon, 2024-03-04 at 20:10 -0500, Tygre via samba wrote:
>>> 	Hi there,
>>>
>>> 	I have looked for a solution to my problem on the Internet (and in particular this mailing list), but couldn't find one, probably due to searching for the wrong thing :-)
>>>
>>> 	I have an RPI running Samba version 4.9.5-Debian. "pdbedit -L" shows that the user "smbuser" exists. I used "smbpassword" to set the password of "smbuser". I also have several "old" computers that I want to connect to this RPI using Samba. I managed to get an Amiga connected to the Samba server, by adding the directive "ntlm auth = yes" to "smb.conf".
>>>
>>> 	But, I cannot get a NeXTstation to connect to the server. It seems to me that, because the client on the NeXTstation only deals with unencrypted passwords, the server is unable to verify the username/password. I tried using the directive "encrypt passwords = no", but then neither the Amiga nor the NeXTstation can connect, with the error: "FAILED with error NT_STATUS_LOGON_FAILURE".
>>>
>>> 	I don't understand why, by forcing unencrypted passwords, the server cannot find the username/password (anymore). I must be missing to allow the Samba server to work with unencrypted password. Could anyone help?
>>>
>>> 	Thanks in advance!
>>> 	Tygre
>>>
>>> PS. I do know that unencrypted passwords are unsecure and a bad idea but, right now, I'd like both my Amiga and NeXTstation to connect, before "hardening" the server.
>>> PPS. I join my "smb.conf", working with the Amiga (not the NeXTstation) and the log when trying to connect from the NeXTstation.
>>
>> You would be best to just use guest access and IP restrictions, but if you want a password it will be checking it against PAM, not the smbpasswd file.
>>
>>
>> Andrew Bartlett
>>
>>
>> -- 
>>
>> Andrew Bartlett (he/him) https://samba.org/~abartlet/ <https://samba.org/~abartlet/>
>> Samba Team Member (since 2001) https://samba.org <https://samba.org>
>> Samba Team Lead https://catalyst.net.nz/services/samba <https://catalyst.net.nz/services/samba>
>> Catalyst.Net Ltd
>>
>> Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group company
>>
>> Samba Development and Support: https://catalyst.net.nz/services/samba <https://catalyst.net.nz/services/samba>
>>
>> Catalyst IT - Expert Open Source Solutions
>>
>>
> 

-- 
-----------------------------------------
      Scientific Progress Goes Boing!
        http://www.chingu.asia/wiki
-----------------------------------------

More information about the samba mailing list