Re: [Samba] Samba4 server is not accessible for logon from Windows 2008R2 SP1.
- Date: Mon, 20 Nov 2017 21:17:53 +0000
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Samba4 server is not accessible for logon from Windows 2008R2 SP1.
On Mon, 20 Nov 2017 22:45:08 +0300
"CpServiceSPb . via samba" <samba@xxxxxxxxxxxxxxx> wrote:
> I discovered the situation.
> When attempting to logon from Windows 2008R2 to Samba4 is made we can
> see in Samba smbd log the following important for understanding the
> situation lines:
> [2017/11/20 13:25:52.040094, 2, pid=7100, effective(0, 0), real(0,
> 0)] ../libcli/auth/ntlm_check.c:430(ntlm_password_check)
> ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user
> <username> [2017/11/20 13:25:52.040110, 3, pid=7100, effective(0,
> 0), real(0, 0)] ../libcli/auth/ntlm_check.c:437(ntlm_password_check)
> ntlm_password_check: NEITHER LanMan nor NT password supplied for
> user <username>
> It tell us that Samba4 doesn't wany to accept NTLMv1 authentication.
> So, it is easy to solve (as was in my case) .
> You should put to smb.conf to
> [general] section the followng line:
> ntlm auth = yes
> also I set max protocol = SMB3
> but I think that it is not important for this case.
> After changing smb.conf restarting of Samba4 services are necessary.
> So I can mark the topic as Solved !
The correct cure is to make your 2008R2 use NTLMv2 instead of NTLMv1
Or rather, find out why your 2008R2 server isn't using NTLMv2 by
The default for 'ntlm auth' was changed from 'yes' to 'no' for a reason.
To unsubscribe from this list go to the following URL and read the