[SOLVED] XP with Novell client does not connect to samba

Peter18 · 01-06-2019, 08:16 AM

A frendly hello to anybody,

I want to start with samba, but I have got some problems. I installed samba and tried to define shares, but I cannot login.

The hardware is a raspberrypi. Samba is Samba 4.5.12-Debian. Win7 and Win10 can login, WinXP fails. It repeats asking for User and Password. Negotiation seams to work, but the SMB-Header tells "NT Status: STATUS_LOGON_FAILURE (0xc000006d)".

The Log-File tells:
"[2019/01/05 15:11:53.664504, 0] ../source3/param/loadparm.c:3244(process_usershare_file)
process_usershare_file: stat of /var/lib/samba/usershares/date failed. Datei oder Verzeichnis nicht gefunden"

Can somebody give me an example for this file?

The mashine that does not connect is WinXP with Novell client. I'm afraid Novell ist the reason for the problem. I think the encryption is not ok. But I can conect to our Router "Fritzbox" to use Shares of it. So I think, a simple command is missing.

A guest user account works with XP and Novell

Greeting from the north see

Peter

allend · 01-07-2019, 08:25 AM

Supporting Windows XP with Samba versions >= 4.5 requires configuring Windows XP to use only NTLMv2 authentication. For the registry options see this.
From 'man smb.conf'

Quote:

ntlm auth (G)

This parameter determines whether or not smbd(8) will attempt to authenticate users using the NTLM encrypted password response for this local
passdb (SAM or account database).

If disabled, both NTLM and LanMan authencication against the local passdb is disabled.

Note that these settings apply only to local users, authentication will still be forwarded to and NTLM authentication accepted against any
domain we are joined to, and any trusted domain, even if disabled or if NTLMv2-only is enforced here. To control NTLM authentiation for domain
users, this must option must be configured on each DC.

By default with lanman auth set to no and ntlm auth set to ntlmv2-only only NTLMv2 logins will be permited. Most clients support NTLMv2 by
default, but some older clients will require special configuration to use it.

The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x.

The available settings are:

• ntlmv1-permitted (alias yes) - Allow NTLMv1 and above for all clients.

• ntlmv2-only (alias no) - Do not allow NTLMv1 to be used, but permit NTLMv2.

• mschapv2-and-ntlmv2-only - Only allow NTLMv1 when the client promises that it is providing MSCHAPv2 authentication (such as the
ntlm_auth tool).

• disabled - Do not accept NTLM (or LanMan) authentication of any level, nor permit NTLM password changes.

The default changed from yes to no with Samba 4.5. The default chagned again to ntlmv2-only with Samba 4.7, however the behaviour is unchanged.

Default: ntlm auth = ntlmv2-only

There is a new wrinkle with this involving Windows 10, which now refuses to connect to Samba unless SMB1 has been disabled (which kills XP) or the use of SMB1 is explicitly configured in Windows 10.

Peter18 · 01-07-2019, 09:47 AM

Hello allend,

thank you for your answer! I got a connection! I tried several parameter like "client lanman auth = yes" but no one solved my problem. I listed "ntlm auth" too, but I did not try. I thought, why ever, it belongs to PDC and BDC.

Greeting from the rainy north see

Peter