[Samba] Samba authentication problem

Michael Wood esiotrot at gmail.com
Wed Apr 13 00:53:55 MDT 2011

On 25 March 2011 01:47, Xamindar <junkxamindar at gmail.com> wrote:
> On 03/24/2011 03:55 PM, Jeremy Allison wrote:
>> On Thu, Mar 24, 2011 at 03:44:51PM -0700, Xamindar wrote:
>>> On 03/24/2011 03:33 PM, Jeremy Allison wrote:
>>>> Share level security doesn't automatically mean no password.
>>>> Either use the password for user xamindar, or add
>>> Like I stated in the first post, it is not accepting the password for
>>> "xamindar". It spits back that it is wrong and in the logs I see
>>> "create_connection_server_info failed: NT_STATUS_WRONG_PASSWORD". The
>>> password is correct. It works fine with security set to user. I have
>>> tested with the mount command in linux and with a Vista machine, neither
>>> are able to connect.
>>>> "map to guest = Bad Password"
>>> When this is set it will ALWAYS connect as guest because it is not
>>> accepting any valid passwords.
>>>> in the [global] section of your smb.conf. See the
>>>> smb.conf man page for details.
>>> Thanks for the recommendations.
>>>> Jeremy.
>>> Am I missing something vital when security is set to share?
>> Sounds like a bug in your version of the cifsfs kernel
>> module. With security=share try connecting with the
>> same password using smbclient. If it correctly connects
>> then it's cifsfs screwing up somehow.
>> Jeremy.
> It still rejects it with this messege:
> # smbclient // -U xamindar
> Enter xamindar's password:
> Domain=[RADNIMAX] OS=[Unix] Server=[Samba 3.5.8]
> Server not using user level security and no password supplied.
> Server requested LANMAN password (share-level security) but 'client
> lanman auth' is disabled
> tree connect failed: NT_STATUS_ACCESS_DENIED
> I did type the password even though it is saying no password is
> supplied. I tried enabling 'client lanman auth' and restarting the
> server but I still get the same message when trying to connect.

Well, as far as I can tell based on discussions here and on
samba-technical, security = share is a bit of a hack (the way it
works, and not just Samba's implementation) and probably doesn't work
in recent versions of Windows anyway (although I haven't tried it).

Your test above failed because share level security seems to imply the
insecure lanman authentication, but "client lanman auth" defaults to
"no", so smbclient refuses to send the password.

cifsfs is probably also refusing to use lanman authentication, and
there may be an option to tell it to allow lanman auth.

I am no expert on this, so if that doesn't work, I can't help.  You
should probably try getting things to work with "security = user" and
"map to guest = Bad Password", though, since "security = share" has
always been dodgy and is likely to cause you trouble in future when
you upgrade Samba.

Michael Wood <esiotrot at gmail.com>

More information about the samba mailing list