Web lists-archives.com

Re: [Samba] Win10 cannot access linux shares





On 9/19/2017 5:11 AM, Doug Wyatt via samba wrote:
> 
> 
> On 9/18/2017 12:51 AM, Marc Muehlfeld via samba wrote:
>> Hi,
>>
>> Am 18.09.2017 um 05:31 schrieb Doug Wyatt via samba:
>>> When I upgraded from Fedora 22 to Fedora 25 my Win10 box lost the
>>> ability to connect to shares on the F25 box.  The F25 box can still
>>> access shares on the Win10 box.
>>>
>>> F25 is currently running Samba 4.5.13 and I have a simple workgroup
>>> setup.  Let's call the Win10 box 'fred' and the F25 box 'ethel'.
>>>
>>> Is this the problem, and if so, how can I fix it?
>>
>> * What was the Samba version you are were updating from? Have you read
>> the changelogs of the releases between? Things that affects your setup
>> may have changed.
>>
>>   https://wiki.samba.org/index.php/Updating_Samba#The_Update_Process
>>
>> * Is the Samba user database still stored in the path where the new
>> Samba version expects it?
>>
>> * Please let us see your smb.conf.
>>
>> * What does the log file say, why access is denied. Increase the log
>> level, if necessary.
>>
>>
>> https://wiki.samba.org/index.php/Configuring_Logging_on_a_Samba_Server#Setting_a_Universal_Log_Level
>>
>>
>> Regards,
>> Marc
>>
>>
> 
> Thanks for your response.
> 
> I believe the Samba version in Fedora 22 was 4.2.  I haven't had time to
> review change logs, yet.
> 
> The user database has been recreated from scratch using pdbedit, so I
> assume it is appropriate at /var/lib/samba/private/passdb.tdb.  Also,
> I just deleted the entry for user "daw" and recreated it to ensure that
> the password is correct.
> 
> A current version of my smb.conf can be viewed at:
>    <https://da.gd/YdmZy>
> 
> The last few lines from the log file with the log levels shown in the
> smb.conf  ...
> 
> [2017/09/19 04:34:09.265498, 10, pid=29062, effective(0, 0), real(0, 0),
>     class=passdb]
> ../source3/passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid)
>     pdb_set_user_sid_from_rid:
>   	setting user sid S-1-5-21-1262923615-2689791783-523174309-1003
>         from rid 1003
> [2017/09/19 04:34:09.265546,  5, pid=29062, effective(0, 0), real(0, 0),
>     class=passdb] ../source3/passdb/pdb_tdb.c:813(tdb_update_samacct_only)
>     Storing account daw with RID 1003
> [2017/09/19 04:34:09.265574, 10, pid=29062, effective(0, 0), real(0, 0),
>     class=passdb] ../source3/passdb/pdb_tdb.c:947(tdb_update_sam)
>     tdb_update_sam: Updating key for RID 1003
> [2017/09/19 04:34:09.265608,  5, pid=29062, effective(0, 0), real(0, 0),
>     class=auth] ../source3/auth/auth.c:252(auth_check_ntlm_password)
>     check_ntlm_password: sam authentication for user [daw]
>     FAILED with error NT_STATUS_WRONG_PASSWORD
> [2017/09/19 04:34:09.265644,  2, pid=29062, effective(0, 0), real(0, 0),
>     class=auth] ../source3/auth/auth.c:315(auth_check_ntlm_password)
>     check_ntlm_password:  Authentication for user [daw] -> [daw]
>     FAILED with error NT_STATUS_WRONG_PASSWORD
> 
> So, at lest I know the username is getting across correctly.
> 
> Regards,
> Doug
> 

Okay,

I found a solution on a web forum ...

    Changing local policy on Windows 10 to only allow NTLMv2 for
authentication.

    Change the value of { Local Policies->Security Options
      ->Network Security:AN Manager authentication level }
    to
      'Send NTLMv2 response only. Refuse LM & NTLM'

With that, Win10 connected to the shares on the F25 box with no fuss.

Regards,
Doug



---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba