LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 07-28-2012, 07:41 PM   #1
rickbassham
LQ Newbie
 
Registered: Jul 2012
Posts: 1

Rep: Reputation: Disabled
Samba Issue with Share Level Security and client lanman auth


I have what I think is a strange issue. I have three computers, one is Windows 7 (win-pc), one is a Debian Wheezy desktop (debian-desktop) and one is a Debian Wheezy server (debian-nas). I have samba configured on debian-nas to share one public and one private share, using share level security.

Code:
[global]
workgroup = JB
security = share
client ntlmv2 auth = No
client lanman auth = Yes
lanman auth = Yes

[storage]
path = /var/local/storage/public
browseable = Yes
read only = No
guest ok = Yes
guest only = Yes
guest account = nobody

[private]
path = /var/local/storage/private
browseable = No
read only = No
guest ok = No
valid users = rick
When connecting from the Windows 7 computer, everything works fine. I can access both shares, as long as I am logged in as rick.

When connecting from my debian desktop, I get the following error:
Code:
rick@debian-desktop:~$ smbclient \\\\debian-nas\\private
Enter rick's password: 
Domain=[JB] OS=[Unix] Server=[Samba 3.6.6]
Server not using user level security and no password supplied.
Server requested LANMAN password (share-level security) but 'client lanman auth = no' or 'client ntlmv2 auth = yes'
tree connect failed: NT_STATUS_ACCESS_DENIED
What is confusing me is that I have 'client lanman auth = yes' and 'client ntlmv2 auth = no' in my smb.conf. I even confirmed with testparm:

Code:
rick@debian-nas:~$ testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[storage]"
Global parameter guest account found in service section!
Processing section "[private]"
WARNING: The security=share option is deprecated
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
	workgroup = JB
	security = SHARE
	lanman auth = Yes
	client NTLMv2 auth = No
	client lanman auth = Yes
	idmap config * : backend = tdb

[storage]
	path = /var/local/storage/public
	read only = No
	guest only = Yes
	guest ok = Yes

[private]
	path = /var/local/storage/private
	valid users = rick
	read only = No
	browseable = No
Can anyone tell me what I'm doing wrong?
 
Old 07-29-2012, 07:28 PM   #2
allend
LQ 5k Club
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 5,760

Rep: Reputation: 2278Reputation: 2278Reputation: 2278Reputation: 2278Reputation: 2278Reputation: 2278Reputation: 2278Reputation: 2278Reputation: 2278Reputation: 2278Reputation: 2278
Welcome to LQ!

By default, later versions of Samba do not create the LANMANAGER hash when a user account is created unless lanman authorisation has been enabled.
Check whether the user account has a LANMAN hash with 'pdbedit -L -w'. 'man 5 smbpasswd' should help with the layout of the output. If not, you will likely need to delete and remake the user account using pdbedit.
 
Old 09-27-2012, 11:34 AM   #3
thiagoborn
LQ Newbie
 
Registered: Sep 2012
Posts: 2

Rep: Reputation: Disabled
Smile

Quote:
Originally Posted by allend View Post
Welcome to LQ!

By default, later versions of Samba do not create the LANMANAGER hash when a user account is created unless lanman authorisation has been enabled.
Check whether the user account has a LANMAN hash with 'pdbedit -L -w'. 'man 5 smbpasswd' should help with the layout of the output. If not, you will likely need to delete and remake the user account using pdbedit.

Thanks a lot. It's works for me. I was having issues with the "wd live plus" and my samba share at my linux box.
So I just add user with "useradd" and after that I add same user with the pbedit -a

Before:
check_ntlm_password: Authentication for user [anonymous] -> [anonymous] FAILED with error NT_STATUS_NO_SUCH_USER


After:
check_ntlm_password: authentication for user [anonymous] -> [anonymous] -> [anonymous] succeeded
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
samba question: what controls top-level share visibility? jmoody Linux - Networking 1 03-18-2009 02:49 AM
samba share with windows auth k0r54 Debian 3 01-08-2008 02:38 PM
Samba share auth w/LDAP? cwhitmore SUSE / openSUSE 6 10-04-2006 01:56 PM
Intergrating SAMBA share (w2k AD auth) and vsftp accounts MitchM99 Linux - Software 5 04-24-2006 01:28 PM
Samba - Combination of user and share level security? kleptophobiac Linux - Software 0 07-20-2004 02:15 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 07:09 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration