[Samba] Samba 3.4 Windows 95/98 logon problem

Miguel Medalha miguelmedalha at sapo.pt
Sun Mar 21 07:08:10 MDT 2010

> we have just upgraded one of our very old Linux/Samba servers to version
> 3.4.2. After the upgrade, the Windows 95/98 clients cannot login to the
> server anymore. In the log I see 'NT_STATUS_ACCESS_DENIED' messages for
> these clients.

The key word here is "very old". Meanwhile, some Samba defaults changed.
The default for "client lanman auth" is now "No".

If you have Windows 9x clients, you should have the following in your 
smb.conf file:

client lanman auth = Yes

 From the smb.conf (5) man page:

client lanman auth (G)

This parameter determines whether or not smbclient(8) and other samba 
client tools will attempt to authenticate itself to servers using the 
weaker LANMAN password hash. If disabled, only server which support NT 
password hashes (e.g. Windows NT/2000, Samba, etc... but not Windows 
95/98) will be able to be connected from the Samba client.

The LANMAN encrypted response is easily broken, due to its 
case-insensitive nature, and the choice of algorithm. Clients without 
Windows 95/98 servers are advised to disable this option.

Disabling this option will also disable the client plaintext auth option.

Likewise, if the client ntlmv2 auth parameter is enabled, then only 
NTLMv2 logins will be attempted.

Default: client lanman auth = no

More information about the samba mailing list