[Samba] Win ME couln't login

John H Terpstra jht at samba.org
Sun May 15 22:20:18 MDT 2011


On 05/15/2011 10:48 PM, yudi shiddiq wrote:
> I have made samba PDC and tested with client win 7, win xp, and win vista
> successfully but fail with win millenium edition, the message shows that the
> password is incorect or access to the server has been denied.
>
> Installed s/w :
> - openldap2-2.4.21-9.1.i586
> - openldap2-client-2.4.21-9.1.i586
> - samba-3.5.4-4.1.i586
>
> Please give me a clue, because we still have client with OS Win ME....

Samba 3.5.4 has LANMAN passwords disabled by default.  Windows ME 
requires LANMAN passwords and can not use NT passwords.  Windows NT and 
later (XP, Vista and 7) can make use of NT passwords.

To permit Windows ME to log onto a Samba domain you need to add to 
smb.conf [global]

	lanman auth = Yes

 From the smb.conf man page for this parameter note as follows:

This parameter determines whether or not smbd(8) will attempt to 
authenticate users or permit password changes using the LANMAN password 
hash. If disabled, only clients which support NT password hashes (e.g. 
Windows NT/2000 clients, smbclient, but not Windows 95/98 or the MS DOS 
network client) will be able to connect to the Samba host.

The LANMAN encrypted response is easily broken, due to its 
case-insensitive nature, and the choice of algorithm. Servers without 
Windows 95/98/ME or MS DOS clients are advised to disable this option.

When this parameter is set to no this will also result in 
sambaLMPassword in Samba´s passdb being blanked after the next password 
change. As a result of that lanman clients won´t be able to 
authenticate, even if lanman auth is reenabled later on.
[cut]...[cut]
Default: lanman auth = no


Note:
After you have enabled "lanman auth = yes", you must set all passwords 
again to create the SambaLMpassword entry in your passdb backend (LDAP 
in your case).

Cheers,
John T.


More information about the samba mailing list