Hello.

I am trying to get SAMBA setup on my file server, but no matter what I do, every single logon always returns "Access Denied." This is odd, because the connection is denied even before I have gotten a chance to enter a password. The SMB.CONF I'm using is here:



Let me add that none of the popular GUI tools are an option here, as this machine has no X Server or Window Manager installed; I have SSH access to it only.

I can verify that each of these unix usernames exists.

My client machine is running Windows Vista Ultimate SP1. I have tried modification of the "Lan Manager Authentication Level" setting, which has no effect.
I don't want to modify this setting anyway, as I have personally cracked many LM and NTLM passwords, and trust neither protocol. Ideally, I would like to get smbd to play nice with Vista machines without reconfiguring the clients.

Any ideas?

Billy3

EDIT: I forgot to add that I have a Windows XP Professional SP3 machine, and it all works okay there.

EDIT2: Also, I am correctly restarting samba after configuration changes (sudo /etc/init.d/samba restart). The Vista machine connects to Windows XP servers without a problem.

The Windows XP machine connects to Samba without problems?

Hello, Groovicus.

Yes, it does

I think that narrows it down to something with NTLM2 authentication (Which vista has on by default, while XP does not), but I think the line "client ntlmv2 auth = yes" should allow an NTLM2 session.

Billy3

What version of Samba are you using?

Hello, Groovicus.

This is the latest samba version I can get with Ubuntu 8.04 Server.

The smbstatus command prints:
Samba version 3.0.28a


Billy3

That version supports NTLM2. The only other thing I can think of is to force the Vista Machine to use both NTLM and NTLM2. The setting is in...umm....... secpol.msc (I think). I an't remember which setting to change, but it should say something like "Use NTLM2 only"; change that to "use NTLM2 if accessible." Again, I can't remember right off the top of my head, and my notes are not accessible.

If that fails, then check your firewall settings and workgroup settings.

I have tried modification of the "Lan Manager Authentication Level" setting, which has no effect.



Alright, I guess it's something I did... I'll try turning off LANMAN authentication and see of that works

Billy3

Well... I think I got it to work.

It turns out that the client kept trying to connect to this directory:
\\musicman\IPC$

When it did, it used the anonymous account to connect. So when I went to connect to anything else, Vista kept using the anonymous account without prompting. And the result is the Samba server understandably telling it "I don't think so".

It also turns out that "client ntlm2 auth" is the wrong settng. What I needed to set was "ntlmv2 auth". The client specifier refers to the smbclient program, while, without client it refers to the server.

Thanks again,
Billy3