LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 08-23-2018, 06:32 PM   #1
ljb643
Member
 
Registered: Nov 2003
Posts: 432

Rep: Reputation: Disabled
Had to revert Samba to 4.4.16-i586-3 from 4.6.16-i586-1


Slackware 14.2, 32 bit. I installed the update patch to samba-4.6.16, restarted Samba services, and found that I was unable to connect from a Windows PC. No error on the Windows side, just keeps popping up the login box. No error logged on the server side. Wireshark tells me the server is sending STATUS_LOGON_FAILURE after credentials are supplied from the Windows PC.

This is a very simple setup: Samba on Linux configured as a stand-alone server and is also the master browser, a single share, local authentication. I am NOT trying to connect with guest user (as in another thread here). I've been using the same setup for a long time without changing anything.

Linux systems can connect to 4.6.16 using either smbclient or mount -t cifs, but no go from Windows. I reverted to the previous Slackware patch samba-4.4.16-i583-3 and connection from Windows works now.

Eventually I'm going to have to wade into this, increase logging levels, read through the change history for Samba, etc. But if anyone has any tips on something relevant that broke or changed from 4.4.x to 4.6.x that would probably help a lot
 
Old 08-23-2018, 07:04 PM   #2
ferrari
Senior Member
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 3,854

Rep: Reputation: 660Reputation: 660Reputation: 660Reputation: 660Reputation: 660Reputation: 660
Can you share your working smb.conf?

Just in case the following is helpful here...
https://askubuntu.com/questions/1095...to-windows-box
 
Old 08-23-2018, 09:00 PM   #3
ljb643
Member
 
Registered: Nov 2003
Posts: 432

Original Poster
Rep: Reputation: Disabled
Thanks, but the askubuntu thread is about trying to connect the other way: Linux client to Windows server, and doesn't seem to apply.

Before I post my smb.conf - which I've been using without change for many years - I should try re-installing 4.6.16 and running it with a higher log level to see if it has anything useful to say.

But I'm still very interested if anyone knows of a change from 4.4 to 4.6 that might cause login failures from Windows XP. (Sorry, forgot to mention it was XP, in case that is relevant.)
 
Old 08-23-2018, 09:25 PM   #4
upnort
Senior Member
 
Registered: Oct 2014
Distribution: Slackware, Proxmox, Debian, CentOS, Ubuntu
Posts: 1,212

Rep: Reputation: Disabled
Quote:
But I'm still very interested if anyone knows of a change from 4.4 to 4.6 that might cause login failures from Windows XP.
A guess. XP is using SMB 1 and Samba 4.6 defaults to disabling SMB 1?
 
Old 08-23-2018, 10:21 PM   #5
ferrari
Senior Member
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 3,854

Rep: Reputation: 660Reputation: 660Reputation: 660Reputation: 660Reputation: 660Reputation: 660
Quote:
Thanks, but the askubuntu thread is about trying to connect the other way: Linux client to Windows server, and doesn't seem to apply.
Sorry, missed that. As unport speculated, recent samba versions have disabled SMBv1 (NT1) by default. It can be enabled via smb.conf, but there are security issues with doing so.
 
Old 08-25-2018, 12:52 PM   #6
ljb643
Member
 
Registered: Nov 2003
Posts: 432

Original Poster
Rep: Reputation: Disabled
Close but not quite. It isn't the protocol level, but the authentication level default change that broke my setup. Starting with Samba-4.5, the defaults were changed so that NTLM authentication is disabled, requiring NTLMv2. The fix for me (yes it has security issues) was to add in smb.conf:
Code:
ntlm auth = yes
 
2 members found this post helpful.
Old 08-26-2018, 07:40 PM   #7
ljb643
Member
 
Registered: Nov 2003
Posts: 432

Original Poster
Rep: Reputation: Disabled
Followup and correction: If you have Windows XP systems that need to connect to the updated Samba 4.6.x in Slackware, you have 2 choices. (1) Enable the Samba server to accept NTLM (v1) authentication, as in my previous post, or (2) Enable NTLMv2 on each Windows XP system. Although (2) is better security, this is XP and security probably means keeping it off the network... To enable XP to do NTLMv2 authentication there are 2 registry keys to change as described here.
 
2 members found this post helpful.
Old 09-19-2018, 10:32 AM   #8
allend
LQ 5k Club
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 5,282

Rep: Reputation: 1924Reputation: 1924Reputation: 1924Reputation: 1924Reputation: 1924Reputation: 1924Reputation: 1924Reputation: 1924Reputation: 1924Reputation: 1924Reputation: 1924
Just ran into this myself.
As noted by @ljb643 in post #6 and #7, and confirmed by 'man smb.conf'
Quote:
ntlm auth (G)
This parameter determines whether or not smbd(8) will attempt to authenticate users using the NTLM encrypted password response. If disabled, either the lanman password hash or an NTLMv2 response will need to be sent by the client.
If this option, and lanman auth are both disabled, then only NTLMv2 logins will be permitted. Not all clients supportNTLMv2, and most will require special configuration to use it.
The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x.
The default changed from "yes" to "no" with Samba 4.5.
Slackware 14.2 had
Quote:
Tue Mar 13 21:12:51 UTC 2018
...
patches/packages/samba-4.4.16-x86_64-3_slack14.2.txz: Rebuilt.
then
Quote:
Fri Aug 17 16:52:04 UTC 2018
...
patches/packages/samba-4.6.16-x86_64-1_slack14.2.txz: Upgraded.
For me, the fix has been to edit the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\lmcompatibilitylevel to value 3 on the affected Windows XP machines. https://support.microsoft.com/en-au/...-a-network-att

Last edited by allend; 09-19-2018 at 10:39 AM.
 
1 members found this post helpful.
Old 10-03-2018, 02:53 PM   #9
PROBLEMCHYLD
Member
 
Registered: Apr 2015
Posts: 790

Rep: Reputation: Disabled
Quote:
Originally Posted by allend View Post
For me, the fix has been to edit the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\lmcompatibilitylevel to value 3 on the affected Windows XP machines. https://support.microsoft.com/en-au/...-a-network-att
Thanks, this worked for me too.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
What is i586 royeo Linux - Newbie 6 09-06-2006 08:53 AM
i586? guitarhero14 Mandriva 1 03-14-2005 08:20 PM
Is i586 right for me? drknownothing Mandriva 2 09-09-2004 09:42 PM
samba-common-3.0.2a-3.2.100mdk.i586.rpm Moses420ca Mandriva 1 08-09-2004 02:18 PM
i586 mikeshn Linux - Newbie 3 02-16-2002 11:30 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 06:16 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration