[Samba] NT MD4 password check failed

Vincente Aggrippino vaggrippino at gmail.com
Thu Nov 17 09:42:44 GMT 2005

    Thank you for your response.  I did my homework before posting my
question :)

please read below...

On 11/17/05, Pavan krishna <p.krishna at diversityarrays.com> wrote:
> hi,
>       check the permission settings on the share or the home directory,
My home directory permissions are 0755.  It's my home directory, if I
didn't have the necessary permissions, I wouldn't even be able to log
on to the Linux server directly.

>         Check your global settings:
>     logon home = \\%L\%U\.profile
I do have this line in my global settings, but it doesn't have
anything to do with authentication or permissions.  This is only used
if I do something equivalent to NET USE H: /HOME.

>     logon drive = H:
This is only useful if Samba is set up as a login server.

If you log on to a domain and the logon server is a Samba server, then
this drive will already be mapped.  Then, if you open a command prompt
window, you will be in this drive by default.

>   and the permissions on the share:
>  [homes]
>     comment = Home Directories
>     valid users = %U
Actually, the documentation recommends valid users = %S.

The difference in my case is that %U would resolve to valid users =
Vince, but %S would resolve to valid users = vince.

%U would definitely fail in my case because my session username does
not match the name of the current service.  Note that in the case of
the special [homes] section, the share (or service) name is changed
from homes to the located username.

I commented this out completely so that anyone can log in.  Maybe this
is a security problem, but it's a good step for troubleshooting
because it ensures that I'm not prevented from accessing a share by a
mistaken user name.

>     writeable = yes
I have the inverse of this: read only = no

>     browseable = no
>     read only = no
This is redundant.  read only = no is the same as writeable = yes

>     guest ok = no
>     printable = no
I don't have these set, but they're the defaults, so it works out the same way.

>   and it can only be mapped automatically if your PC is the domain
> member else you have to go to run and type "\\samba server name" and see
> whether you are able to see your home directory.
There is no domain.  This is a workgroup.  Please keep in mind that
this whole network is just three computers, including the server.

At this point, all I'm trying to do is see the share by typing \\home.
 When I'm able to do that without being presented with a username and
password prompt, I'll be able to have it mapped automatically by
checking the box on the Windows client that says "Reconnect at logon".

If it was working the way I understand it should, then Samba would
identify my computer as one found in the hosts equiv file and identify
my username, Vince, with vince from my username map file.

It shouldn't try to check the password at all because of the hosts
equiv match, but it's trying to check the password.  Since windows is
sending a username without a password, or with a blank password, the
password check is failing.

home is the name of my server.
The DNS is working because I can ping home from the Windows clients
and get good replies.

>   I used to have this error if the smbpassword is different from the
> Linux Local user password.
When I try to access \\home, I'm presented with a username and
password prompt.  If I type my username (lowercase "vince") and
password as it is for my Linux account on the server, then I have
access to the shares without difficulty.

So, I'm trying to get around typing that username and password, if
possible.  It should be possible, unless I'm misunderstanding the


More information about the samba mailing list