Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Ubuntu 16.04 lts desk; Ubuntu 14.04 server
Posts: 366
Rep:
Ubuntu 10.04, samba & win95 login
Hi--
Last night my old server running a 5 year old version of samba crashed. So I set up an Ubuntu 10.04.1 lts box to be server. Now my Win95 machine cannot login.
It sees the Samba share but reports that its password was incorrect. My first guess is that Samba is expecting an encrypted password, and Win95 is sending unencrypted. (Other Ubuntu boxes, and a WinXP box are able to connect to this new server without problem.)
This probably is not going to help you too much, but maybe point things in the right direction ...
The Windows networking changed in how it operates from win95/98 to 2000. I don't recall the specifics, but I think it has something to do with Netbios and how machine authentication is handled. It sounds like you may be running into this. You will probably need to search some Samba documentation for more details, and see if there is anything specific you need to do in (current) Samba to support the older clients.
Does it work if you remove password authentication?
Also, a stupid question, but a mistake I have made, did you use the smbpasswd function to create the Samba user and password in addition to the Linux user log in?
Distribution: Ubuntu 16.04 lts desk; Ubuntu 14.04 server
Posts: 366
Original Poster
Rep:
Noway2--
Actually, that might not be a stupid question; rather a silly mistake I may have made. I will check it out.
It has been so long since I set up my samba system that I had forgotten about that little doodad. Today I discovered that no one but I could get more than read only access to the shares. That could explain a lot of it.
I had not thought of it, since the old system already had that handled, and the new system had not had that set up.
Distribution: Ubuntu 16.04 lts desk; Ubuntu 14.04 server
Posts: 366
Original Poster
Rep:
Noway2--
A report back: no joy yet.
I ran smbpasswd as root for my various users. But W95 still reports invalid password, and WinXP still shows the files as read only.
So I changed the smb.conf file to make encrypt passwords = false and then W95 reports that there was an invalid parameter, before it ever asks for a password. Turning it back to false gives the password request, but it still does not accept the password.
So perhaps some clues, and some slight progress.
Any idea where the smbpasswd file storing the passwords is? I cannot find it using locate.
I don't have any more ideas for you at the moment.
I have a copy of a good Samba book, which is where I found the information on win 95 being different in its authentication and protocols. I will see if I can find anything special with regards to mixing older machines with the newer 2000 and beyond (the book was written for Samba 3.0). I will follow up on this thread after I have had a chance to do so.
Distribution: Ubuntu 16.04 lts desk; Ubuntu 14.04 server
Posts: 366
Original Poster
Rep:
Noway2--
You are a prince of a person to do so!
This weekend I finally bit the bullet and blew away the box on which I was trying to cobble samba together--got rid of OS and all! Have started from scratch.
As of now, things are going well, and at 12:30 am I am tending the machine as rsync chugs away at restoring several incremental backups I have of several different directories.
Hopefully when this is all done we will be able to login to the system with win95 and winxp just like before!
Sorry to have taken so long to get back to you. I have been looking over the Samba book (Learning Samba by O'Reilly). I couldn't find anything special about connecting with an older machine line Win 95. What seems to be different is in how they resolve names and the order of the protocols (wins, lmhosts, dns, etc). I don't think that this is your problem, which appears to be an authentication type issue. One thing I did find (I don't have the book handy as I am at work) that correlates to your experience was in regards to the encrypt password = false statement. I don't recall the specifics but it basically amounts to the fact that you don't want to do this. It changes the mode of operation and puts you in an incompatible one. I can see if I can find this again and post the details.
Anyway, one thing that I did learn is that Samba is supposed to have really good logging and that there are 10 levels of verbosity. The default logging is rather low (level 0 I think). Typically, even for the developer level, you don't want to set it higher than about level 3 as the data stream written to disk gets immense and can severely hamper the server throughput and eat up disk space. What you can do is create a special smb.conf file for the particular client and set the logging for that client only to a higher level.
If you are still having problems after you re-install I will get the details on how this was done. It was in the troubleshooting tree section. Most of it dealt with low level connections and what not and this doesn't seem to be your problem. Hence, I think the log files will be where we need to look for more answers. I think that the next step would be for you to create a special configuration for that machine that would let you experiment with different levels of authentication and adjust the debug logging so that you could better see where the problem lies, while not impacting the rest of the system.
Distribution: Ubuntu 16.04 lts desk; Ubuntu 14.04 server
Posts: 366
Original Poster
Rep:
Noway2--
Thanks!
So I have done a rebuild of the Samba server and have everybody logged back in and actually reading and writing files--except for the Win95 machine.
Tonight I found and installed service pack 1 for W95, then rebooted. Still no go: it sees the network share, but then when I enter the password, it says it is incorrect. I was kind of hoping it was the password encryption issue which sp1 is supposed to solve, but guess not.
So yes, if you find something there that might help, please let me know, Noway2!
One things that I have come across so far is that Win95 transmits the user name and password in all capital letters, where as later versions do not. Consequently, there is a possibility that your user and password in smbpasswd aren't matching what is being sent and your problem may be this simple. I would try that first. Samba also support various authentication methods including plain text, NTLM (version 1 and 2), PAM, and Kerberos. I think the default is NTLM when you leave the encrypted passwords = true. There is also the password and user levels which is what sets the number of capital letter combinations that will work or something along those lines.
Try setting the user and password (in samba) with all caps and see if that works. If it doesn't we will need to determine which log in method you are using and likely turn on debug for that user so that we can see what is happening.
Distribution: Ubuntu 16.04 lts desk; Ubuntu 14.04 server
Posts: 366
Original Poster
Rep:
Noway2--
Thanks for helping.
Sorry you had to wait so long for a reply. I had good backups, but I have spent the last two weeks cleaning up the restore--I think I restored too much and had duplicates of many files all over the place! I think that is mostly resolved now, so I can take a look at this w95 issue now.
When I had my previous version of samba, this win95 user had no trouble logging in, so I doubt it was an all caps username or password that is the issue here. Unless the treatment of how win95 logs in is different in newer versions of samba.
My previous server set up was running Red Hat 9.0 and samba version 2.2.7a-security-rollup-fix. The current version is Ubuntu 10.4 and samba version 3.4.7.
I am thinking that if I do change the username to all caps it will create a new user and new home directory, and I am not sure how to undo that later. So I am a little gun-shy on that at the moment.
However, I did change the smbpasswd and that does not allow this user to login.
What is interesting is that the win95 machine can find the server and the shared directory (when I try to map a drive letter), and can even print across the network. (The printer however is on a WinXP box.) Also, we are able to login to the w95 computer using vnc. So this all tells me the problem is probably in samba, maybe its settings somewhere.
So maybe the debug and logs would make sense next? What do you think? If you tell me to create a new user I will....
It is good to hear back from you. I was wondering how you were faring with this. I will have to look up how to enable to logging for a user and will post on this after I do so.
For the moment, however, I came across something that I think you will find interesting. It appears that a default setting was changed circa samba 3.2 that breaks the compatibility with win 9x clients and the fix seems simple enough. There is a setting in smb.conf for 'lanman auth' and you want to make sure it is set to true. For "security" reasons, the default setting was changed to no, which works fine with any NT 4 and later systems. The problem has to do with the password hashing of the older clients. Note, you will probably need to restart the samba daemon to get the change to take affect. Also, one user said that he set login level to 10 and got it to work, then reset it to 1 and it still worked. If I recall correctly, login level has to do with the allowed permutations of capitalized letters.
Here, here, and here are some links to the technical details of this.
Distribution: Ubuntu 16.04 lts desk; Ubuntu 14.04 server
Posts: 366
Original Poster
Rep:
Noway2--
The second page you referenced, has this line: "Note, that the cifs vfs kernel module, used to mount remote smb shares, does _not_ use
smb.conf at all."
This seems to apply to my situation, because the mounts are cifs. Except I guess I do not specify that in the Win95 client, do I?
The third link you provided gives a 404.
In any case, if I want to set this client lanman auth = Yes switch, where in the smb.conf file does it go? [golbal]? Or is there a way to make it only operative for one user?
I posted this because it says that yes, the lanman setting goes in global, but it goes a few steps further too. When searching for whether or not it was a global setting, I came across 'client lanman' too. To be honest, this confused me and so I did some more digging. The article in that last link, which is a troubleshooting win 95 clients that break when you upgrade Samba, has multiple settings including both lanman and client lanman as well as other things you need to do to make it work. That could explain what was in the previous links about things suspiciously not working until the login level was changed to 10 and then miraculously it did, even when the login level was reduced.
From what I have read so far, I am a bit suspicious about effects that it might have in regards to reducing the 'security' of any Win 2000 and later clients with respect to passwords, but I can't say for certain. It looks like this was a new default, so in theory you wouldn't be introducing any new loop holes, but you might want to do some research on this topic if it is of concern.
Distribution: Ubuntu 16.04 lts desk; Ubuntu 14.04 server
Posts: 366
Original Poster
Rep:
Noway2--
Oooh, that looks promising! Thank you. I will have to try it this weekend when I may have some time to play around, and when I am more wide awake that at the moment.
Not sure that I should have any worries about the security of the Windows clients. My situation is a small office with 3 employees and about 7 computers total, only two of which are Win. I guess what it is saying is that all passwords are sent over the network in plain text. But we do not access the network from the outside. And there is a firewall in the router, and all machines but the win95 have firewalls of their own. Where do you see the vulnerabilities here?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.