[Samba] Connecting from XP to samba shares

Adam Nielsen adam.nielsen at uq.edu.au
Tue Jan 10 23:39:21 GMT 2006

> [2006/01/10 11:37:47, 3] libsmb/ntlm_check.c:ntlm_password_check(455)
>   ntlm_password_check: LM password, NT MD4 password in LM field and
> LMv2 failed for user someuser

Aha, so the password being entered doesn't match the password for
'someuser' - did you remember to 'smbpasswd -a someuser' to give
'someuser' a Samba password?  You have to do that because Samba can't
actually compare a Windows password to the UNIX one (it can't convert
from the Windows hash to the UNIX hash.)

> Hmmm... That might be a good compromise. But doesn't "security=user"
> imply I have to create samba users with the same names (and
> passwords?) as the XP users? Now that I think of it, this doesn't
> make sense if there is a propt for username and password, but I
> believe that's what I've read... Also, how would that work with Win98?

Not necessarily.  If you do create Samba users with the same username
and password then the XP users won't get prompted for a password, but
if you don't create extra users (i.e. their XP username and password
don't work) then XP will prompt them for the correct credentials.

As to Win98 though you have a point, since Win98 doesn't provide a way
to enter in a username - it is always set to the username entered when
logging on to the PC.

It may be possible to use "bad user = xxx" to effectively map all users
to user 'xxx', however this would mean any additional shares you add in
the future would have to use the same password.  With security=share it
should be possible to have a different password for each share.

One last idle thought - if you have an XP/2000 server storing all the
user accounts, it is possible to get Samba to check all usernames and
passwords with that server.  This means you could use security=user and
then for each share say "valid users = user1 user2 etc" and that way
those users should be permitted to access the share without entering in
a password, whereas all other users would be prompted for a correct
username/password (and if you use the "force user" option you
shouldn't have to create UNIX accounts for all the NT users.)  The down
side is that you'd have to modify smb.conf every time you wanted to
alter the access to a share (as NT groups won't work in this case)
however it should mean that users won't have to keep entering in a
password all the time.


More information about the samba mailing list