[Samba] Samba & Vista

Steve Blackwell zephod at cfl.rr.com
Sun Aug 3 17:38:41 GMT 2008

> I'm trying to use smbclient to look at a Vista box but I keep getting:
> # smbclient -L user-pc -U Kellie
> Password: <Kellie's password>
> session setup failed: NT_STATUS_LOGON_FAILURE
> I know the user/password combination is good.

I spent most of yesterday searching the web for more information. Now,
I have used wireshark to look at the traffic between my Linux and Vista

First I see a "Negotiate Protocol Request" message from the Linux box
to the Vista box which replies with a "Negotiate Protocol Response".

Then I see 3 messages which seem to correspond to the type 1, type 2
and type 3 messages of the NTLM authentication protocol as described


I can see in the type 1 message, listed as 
"Session Setup AndX Request, NTLMSSP_NEGOTIATE" 
that the flag is set that Samba says it can use NTLMv2 - Negotiate
NTLN2 key - Set.

In the type 2 message back from the Vista box, listed as 
"Session Setup AndX Response, NTLMSSP_CHALLENGE, Error:
the same flag is set. I take this to mean that box boxes have agreed to
use NTLMv2.

In the type 3 message, listed as 
"Session Setup AndX Request, NTLMSSP_Auth, User: WORKGRPUP/Kellie", 
I can see that Samba is sending the correct workgroup as DOMAIN NAME,
the correct host and the correct user.

Is there some place on the Vista box where I can see the login
attempts and get some clue as to why it sends out a final message of
"Session Setup AndX Response, Error: STATUS_LOGON FAILURE"?


More information about the samba mailing list