[Samba] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1

basti mailinglist at unix-solution.de
Mon Oct 5 08:42:21 UTC 2020



On 05.10.20 10:16, Rowland penny via samba wrote:
> On 05/10/2020 08:37, basti via samba wrote:
>> Hello I have a Problem with one windows 10 client.
>>
>> [2020/10/05 09:21:47.356628,  2]
>> ../source3/auth/auth.c:334(auth_check_ntlm_password)
>>    check_ntlm_password:  Authentication for user [ap31] -> [ap31] FAILED
>> with error NT_STATUS_WRONG_PASSWORD, authoritative=1
>> [2020/10/05 09:21:47.356724,  2]
>> ../auth/auth_log.c:610(log_authentication_event_human_readable)
>>    Auth: [SMB2,(null)] user [.]\[ap31] at [Mo, 05 Okt 2020
>> 09:21:47.356700 CEST] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD]
>> workstation [AP31-PC] remote host [ipv4:192.168.0.54:49927] mapped to
>> [.]\[ap31]. local host [ipv4:192.168.0.100:445]
>>    {"timestamp": "2020-10-05T09:21:47.356848+0200", "type":
>> "Authentication", "Authentication": {"version": {"major": 1, "minor":
>> 0}, "status": "NT_STATUS_WRONG_PASSWORD", "localAddress":
>> "ipv4:192.168.0.100:445", "remoteAddress": "ipv4:192.168.0.54:49927",
>> "serviceDescription": "SMB2", "authDescription": null, "clientDomain":
>> ".", "clientAccount": "ap31", "workstation": "AP31-PC", "becameAccount":
>> null, "becameDomain": null, "becameSid": null, "mappedAccount": "ap31",
>> "mappedDomain": ".", "netlogonComputer": null, "netlogonTrustAccount":
>> null, "netlogonNegotiateFlags": "0x00000000",
>> "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null,
>> "passwordType": "NTLMv2", "duration": 4333}}
>>
>> It looks that the client use NTLMv2.
>>
>> The smb.conf on this server is:
>>
>> root at server:/var/log/samba# egrep -v "(^#|^$|^;)" /etc/samba/smb.conf
>> [global]
>>     workgroup = WORKGROUP
>>     local master = yes
>>     preferred master = yes
>>     os level = 210
>>     server string = Samba Server
>>     log file = /var/log/samba/log.%m
>>     log level = 2
>>     max log size = 1000
>>     logging = file
>>     panic action = /usr/share/samba/panic-action %d
>>     server role = standalone server
>>     obey pam restrictions = yes
>>     passwd program = /usr/bin/passwd %u
>>     passwd chat = *Enter\snew\s*\spassword:* %n\n
>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>     pam password change = yes
>>     map to guest = bad user
>>     admin users = ap19 ap30
>>     passdb backend = tdbsam
>>     security = user
>>     ntlm auth = yes
>>     usershare allow guests = yes
>> [homes]
>> ...
>>
>> When I use smbclient with username and passwd it works without problems.
>>
>>
> Yes it is using NTLMv2 and the server isn't, you have two ways of fixing
> this:
> 
> THE WRONG WAY: turn on SMBv1 on the win10 client
> 
> The correct way: Turn off SMBv1 on the Samba server, this might just be
> as simple as removing 'ntlm auth = yes' from your smb.conf file, but,
> without knowing your Samba version, it is hard to tell :-)
> 
> You will also need to turn off SMBv1 on all other computers.
> 
> Rowland
> 
> 
Thanks Rowland. I have done a 'net use * /delete' on the client and
remove the cached credentials. and now it works.



More information about the samba mailing list