[Samba] Samba and Win98

Günter Kukkukk linux at kukkukk.com
Thu May 8 14:00:04 GMT 2008


Am Donnerstag, 8. Mai 2008 schrieb sgmayo at mail.bloomfield.k12.mo.us:
> Günter Kukkukk wrote:
> > Am Mittwoch, 7. Mai 2008 schrieb sgmayo at mail.bloomfield.k12.mo.us:
> >> I have a friend that had a samba server go down.  They switched to another
> >> server and are having problems with people logging into it from Windows
> 98.  If the same user logs in from WinXp then everything works
> otherwise
> >> they get an error.  He also said that the smb.conf files were the same on
> >> both servers.
> >> >From the errors it almost looks like some sort of permission problem,
> >> but
> >> since it logs in from XP clients then that throws that theory out the
> door.
> >> Thanks for any info.
> >> Scott
> >> Here is the error that he said he gets:
> >> ************************************************************************
> Here it the message I get when trying to login from a Windows 98
> Machine.
> >> "The Password is Incorrect.  Try Again"
> >> This only happens from Windows 98 or 95 machines.  The same user can login
> >> to the samba server from Windows 2000 or XP.
> >> The log file from /var/log/samba on that machine is as follows:  BTW
> I'm
> >> not trying to login as Administrator.
> >> [2008/05/06 09:11:20, 0]
> >> auth/auth_util.c:create_builtin_administrators(792)
> >>   create_builtin_administrators: Failed to create Administrators
> >> [2008/05/06 09:11:20, 0] auth/auth_util.c:create_builtin_users(758)
> >>   create_builtin_users: Failed to create Users
> >> [2008/05/06 09:11:29, 0]
> >> auth/auth_util.c:create_builtin_administrators(792)
> >>   create_builtin_administrators: Failed to create Administrators
> >> [2008/05/06 09:11:29, 0] auth/auth_util.c:create_builtin_users(758)
> >>   create_builtin_users: Failed to create Users
> >> [2008/05/06 09:11:35, 0]
> >> auth/auth_util.c:create_builtin_administrators(792)
> >>   create_builtin_administrators: Failed to create Administrators
> >> [2008/05/06 09:11:35, 0] auth/auth_util.c:create_builtin_users(758)
> >>   create_builtin_users: Failed to create Users
> >> [2008/05/06 09:11:47, 0]
> >> auth/auth_util.c:create_builtin_administrators(792)
> >>   create_builtin_administrators: Failed to create Administrators
> >> [2008/05/06 09:11:47, 0] auth/auth_util.c:create_builtin_users(758)
> >>   create_builtin_users: Failed to create Users
> >> [2008/05/06 09:15:12, 0]
> >> auth/auth_util.c:create_builtin_administrators(792)
> >>   create_builtin_administrators: Failed to create Administrators
> >> [2008/05/06 09:15:12, 0] auth/auth_util.c:create_builtin_users(758)
> >>   create_builtin_users: Failed to create Users
> >> [2008/05/06 09:28:32, 0]
> >> auth/auth_util.c:create_builtin_administrators(792)
> >>   create_builtin_administrators: Failed to create Administrators
> >> [2008/05/06 09:28:32, 0] auth/auth_util.c:create_builtin_users(758)
> >>   create_builtin_users: Failed to create Users
> >> [2008/05/06 10:02:51, 0]
> >> auth/auth_util.c:create_builtin_administrators(792)
> >>   create_builtin_administrators: Failed to create Administrators
> >> [2008/05/06 10:02:51, 0] auth/auth_util.c:create_builtin_users(758)
> >>   create_builtin_users: Failed to create Users
> >> [2008/05/06 13:18:56, 0]
> >> auth/auth_util.c:create_builtin_administrators(792)
> >>   create_builtin_administrators: Failed to create Administrators
> >> [2008/05/06 13:18:56, 0] auth/auth_util.c:create_builtin_users(758)
> >>   create_builtin_users: Failed to create Users
> >> [2008/05/06 13:49:06, 0]
> >> auth/auth_util.c:create_builtin_administrators(792)
> >>   create_builtin_administrators: Failed to create Administrators
> >> [2008/05/06 13:49:06, 0] auth/auth_util.c:create_builtin_users(758)
> >>   create_builtin_users: Failed to create Users
> >> [2008/05/06 13:53:41, 0]
> >> auth/auth_util.c:create_builtin_administrators(792)
> >>   create_builtin_administrators: Failed to create Administrators
> >> [2008/05/06 13:53:41, 0] auth/auth_util.c:create_builtin_users(758)
> >>   create_builtin_users: Failed to create Users
> >> [2008/05/06 14:01:34, 0]
> >> auth/auth_util.c:create_builtin_administrators(792)
> >>   create_builtin_administrators: Failed to create Administrators
> >> [2008/05/06 14:01:34, 0] auth/auth_util.c:create_builtin_users(758)
> >>   create_builtin_users: Failed to create Users
> >> [2008/05/06 14:24:56, 0]
> >> auth/auth_util.c:create_builtin_administrators(792)
> >>   create_builtin_administrators: Failed to create Administrators
> >> [2008/05/06 14:24:56, 0] auth/auth_util.c:create_builtin_users(758)
> >>   create_builtin_users: Failed to create Users
> >> [2008/05/06 14:25:50, 0]
> >> auth/auth_util.c:create_builtin_administrators(792)
> >>   create_builtin_administrators: Failed to create Administrators
> >> [2008/05/06 14:25:50, 0] auth/auth_util.c:create_builtin_users(758)
> >>   create_builtin_users: Failed to create Users
> >> [2008/05/06 14:28:47, 0]
> >> auth/auth_util.c:create_builtin_administrators(792)
> >>   create_builtin_administrators: Failed to create Administrators
> >> [2008/05/06 14:28:47, 0] auth/auth_util.c:create_builtin_users(758)
> >>   create_builtin_users: Failed to create Users
> >> [2008/05/06 14:35:56, 0]
> >> auth/auth_util.c:create_builtin_administrators(792)
> >>   create_builtin_administrators: Failed to create Administrators
> >> [2008/05/06 14:35:56, 0] auth/auth_util.c:create_builtin_users(758)
> >>   create_builtin_users: Failed to create Users
> >> [2008/05/06 14:55:06, 0]
> >> auth/auth_util.c:create_builtin_administrators(792)
> >>   create_builtin_administrators: Failed to create Administrators
> >> [2008/05/06 14:55:06, 0] auth/auth_util.c:create_builtin_users(758)
> >>   create_builtin_users: Failed to create Users
> >> **********************************************************************
> Here is the smb.conf
> >> ***************************************************************** [global]
> >> netbios name = park
> >> workgroup = PV
> >> server string = %h server (Samba, Ubuntu)
> >> dns proxy = no
> >> log file = /var/log/samba/log.%m
> >> max log size = 1000
> >> syslog = 0
> >> panic action = /usr/share/samba/panic-action %d
> >> encrypt passwords = true
> >> passdb backend = tdbsam
> >> obey pam restrictions = yes
> >> invalid users = root
> >> passwd program = /usr/bin/passwd %u
> >> passwd chat = *Enter\snew\s*\spassword:* %n\n
> >> *Retype\snew\s*\spassword:*
> >> %n\n *password\supdated\ssuccessfully* .
> >> map to guest = bad user
> >> socket options = TCP_NODELAY
> >> usershare allow guests = yes
> >> comment = Home Directories
> >> browseable = yes
> >> read only = no
> >> create mask = 0700
> >> directory mask = 0700
> >> valid users = %U
> >> locking = no
> >> [printers]
> >> comment = All Printers
> >> browseable = no
> >> path = /var/spool/samba
> >> printable = yes
> >> guest ok = no
> >> read only = yes
> >> create mask = 0700
> >> [print$]
> >> comment = Printer Drivers
> >> path = /var/lib/samba/printers
> >> browseable = yes
> >> read only = yes
> >> guest ok = no
> >> [Public]
> >> comment = Public Stuff
> >> path = /home/public
> >> public = yes
> >> writable = yes
> >> write list = @staff
> >> browsable = yes
> >> read only = no
> >> directory mode = 0770
> >> default case = upper
> >> [hcnul]
> >> path = /home/hcnul
> >> writable = yes
> >> write list = @hcnul
> >> browsable = yes
> >> read only = no
> >> directory mode = 0770
> >
> > Please do the following on the new samba server:
> >   post the outcome of 'testparm -vs | grep lanman'
> >
> > As root, 'pdbedit -w username -d0', where "username" is a user
> > which is not working from win9x.
> >
> > Cheers, Günter
> 
> 
> 
> Here is what he said:
> 
> The testparm command shows:
> 
> Processing section "[homes]"
> .
> .
> .
> Loaded services file OK
> Server role: ROLE_STANDALONE
>       lanman auth = No
>       client lanman auth = No
> 
> The pdbedit command shows:
> 
> kemperk:1002:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:ADEC9EDC3A6A794D691E6DFAFCFAEE85:[U
> ]:LCT-481B6630:
> 

In some recent samba version some security defaults have changed
to more restricted ones, i.e. lanman auth, client lanman auth, ... 
are now set to "no", if not explicitely specified.

As you can see from the pdbedit output, the lanman hash has been
X-ed out, which means it's gone atm.

To get the former win98 logon possibility back, do the
following:

1. Add "lanman auth = Yes" to the [global] section of smb.conf
2. Now to get the old lanman hash back, you have to re-enter the
   samba password for every affected user by using
   'smbpasswd your_username'

Note that the old lanman hash has a weak design and can add
security problems to your network.

If you also use the samba client tools, i.e. smbclient,
to access remote legacy servers, you also have to set
"client lanman auth = Yes" in smb.conf.

Good luck, Günter


More information about the samba mailing list