Samba SMB Error - Server not using user level security and no password supplied. tree connect failed: NT_STATUS_WRONG_PASSWORD

Server not using user level security and no password supplied.
tree connect failed: NT_STATUS_WRONG_PASSWORD

That happens when trying to use smbclient to connect to a share.  The weird thing is that I can authnenticate just fine from Windows XP.

It is partially my mistake, I forgot this share does have a password.  I've tried authenticating with the correct user and also with "Guest" because this works in Windows.  In Linux I get:

Server not using user level security and no password supplied.
Server requested LANMAN password (share-level security) but 'client lanman auth' is disabled
tree connect failed: SUCCESS - 0

A lot of places suggest adding this to the global portion of smb.conf on the server:

client lanman auth = Yes
 

It doesn't work in my case (yes SMB has been restarted), maybe because the client and servers are mixed.

Server=Centos 4: samba-3.0.28-0.el4.9

Client=Kunbuntu 8.04: 2:3.2.3-1ubuntu3.4

==========================

Working/Broken Current smb.conf File:

  workgroup = OURHOUSE
  domain master = no
  #client lanman auth = Yes
  #lanman auth = Yes
  hosts allow = 192.168.1.
  log file = /var/log/samba/smbd.log
  max log size = 50
  # security = user
  # when I
  security = user
  encrypt passwords = yes
  smb passwd file = /etc/samba/smbpasswd
  unix password sync = Yes
  #passwd program = /usr/bin/passwd %u
  #passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
  guest account = hostmeister
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  wins support = yes
  printcap name = cups
  printing = cups
  cups options = "raw"
  use client driver = yes

With security=user I can authenticate from the smbpasswd file from Linux to the password protected share.

But now in Windows I can't authenticate and I can't browse any shares at all.

This is why I used to have "security=share", because Windows users could view all the public shares without logging in, and they would only have to login in the case of a share that specified "valid users=someuser".

This is still not a very good solution at all.

Samba Allows One Security Mode At A Time

Documentation I read says you can only have anonymous shares (security=share) or user level authenticated shares (security=user).  I understand that part as it is obvious from the config file :)

The annoying thing is that I believe SAMBA is the culprit here.  The client or server (whoever is most responsible for this mess) should be fixed.

In reality the method security=share method makes the most sense.  Why?  Because the anonymous shares can be easily accessed by the public which is the intended functionality.

And when connecting from a Windows client, it seems to automatically send the username as one of the allowed users and accepts the password for protected/private shares.

The only very annoying issue, is that we can see above that Linux Samba clients won't be able to do this, whether you specify the correct username and password or not.

It seems like the Windows SMB client and Samba Unix client's access things differently.  It also could be that either/or the Samba Server and Client see that the "public" security option is set and refuse to accept or authenticate with any password, which is a really stupid and undesired kind of behavior.

This explains the message "Server requested LANMAN password (share-level security) but 'client lanman auth' is disabled" coming up from the Samba client even though the "client lanman auth" options were enabled.  I guess in effect the mechanism to authenticate from a Unix Samba client is made impossible once you set the security=share. 

One Pitfall In Windows To Avoid

I spent hours wondering why my main Windows client could not longer connect to the share, it was just saying I dont' have permission and even when prompting for a password nothing worked.

I found that Windows caches the way it authenticates or the password it sends or some other strange thing.  Rebooting made it authenticate properly and accept the password so I could get to the shares.

You can run this to delete all connections: net use * /delete
 


Tags:

samba, smb, server, user, password, supplied, nt_status_wrong_passwordserver, nt_status_wrong_password, smbclient, authnenticate, xp, partially, ve, authenticating, quot, linux, requested, lanman, auth, disabled, adding, global, portion, conf, doesn, restarted, servers, centos, kunbuntu, ubuntu, workgroup, ourhouse, domain, hosts, var, smbd, encrypt, passwords, passwd, etc, smbpasswd, unix, sync, usr, bin, retype, authentication, tokens, updated, successfully, hostmeister, socket, tcp_nodelay, so_rcvbuf, so_sndbuf, printcap, cups, printing, authenticate, browse, shares, users, logging, login, specified, valid, someuser, allows, mode, documentation, authenticated, config, culprit, method, accessed, functionality, connecting, automatically, username, accepts, specify, undesired, enabled, mechanism, pitfall, dont, prompting, caches, authenticates, rebooting, delete, connections,

Latest Articles

  • ssh Too many authentication failures not prompting for password
  • LightDM Mint Ubuntu Debian won't start errors Nvidia Graphics
  • WARNING: Unable to determine the path to install the libglvnd EGL vendor library config files. Check that you have pkg-config and the libglvnd development libraries installed, or specify a path with --glvnd-egl-config-path. Linux Ubuntu Mint Debian E
  • How To Upgrade Linux Mint 18.2 to 18.3 to 19.x and 20.x
  • MP3s Won't Play / ID3 Version 2.4 Issues in Cars and Other MP3 Players/CDs/DVDs Solution
  • LXC Containers LXD How to Install and Configure Tutorial Ubuntu Debian Mint
  • GlusterFS HowTo Tutorial For Distributed Storage in Docker, Kubernetes, LXC, KVM, Proxmox
  • Ubuntu Mint audio output not working pulseaudio "pulseaudio[13710]: [pulseaudio] sink-input.c: Failed to create sink input: too many inputs per sink."
  • How To Shrink Dynamically Allocated VM QEMU KVM VMware Disk Image File
  • How To Enable Linux Swapfile Instead of Partition Ubuntu Mint Debian Centos
  • 404 Not Found [IP: 151.101.194.132 80] apt update Debian 11 Bullseye Solution The repository 'http://security.debian.org bullseye/updates Release' does not have a Release file.
  • WARNING: Can't download daily.cvd from db.local.clamav.net freshclam clamav error solution
  • (firefox:9562): LIBDBUSMENU-GLIB-WARNING **: Unable to get session bus: Failed to execute child process "dbus-launch" (No such file or directory) Solution
  • Debian Mint Ubuntu Which Package Provides missing top, ps and w Solution
  • Vbox Virtualbox DNS NAT Network Mode NOT working
  • Docker Tutorial HowTo Install Docker, Use and Create Docker Container Images Clustering Swarm Mode Monitoring Service Hosting Provider
  • Zoom Password Error 'That passcode was incorrect' - Solution Wrong Passcode Wrong Meeting Name
  • How To Startup and Open Remote/Local Folder/Directory in Ubuntu Linux Mint automatically upon login
  • How To Reset Windows Server Password 2019, 2022, 7, 8, 10, 11 Recovery and Removal Guide Using Linux Ubuntu Mint Debian
  • How To Create OpenVPN Server for Secure Remote Corporate Access in Linux Debian/Mint/Ubuntu with client public key authentication