Samba SMB Error - Server not using user level security and no password supplied. tree connect failed: NT_STATUS_WRONG_PASSWORD

Server not using user level security and no password supplied.
tree connect failed: NT_STATUS_WRONG_PASSWORD

That happens when trying to use smbclient to connect to a share.  The weird thing is that I can authnenticate just fine from Windows XP.

It is partially my mistake, I forgot this share does have a password.  I've tried authenticating with the correct user and also with "Guest" because this works in Windows.  In Linux I get:

Server not using user level security and no password supplied.
Server requested LANMAN password (share-level security) but 'client lanman auth' is disabled
tree connect failed: SUCCESS - 0

A lot of places suggest adding this to the global portion of smb.conf on the server:

client lanman auth = Yes
 

It doesn't work in my case (yes SMB has been restarted), maybe because the client and servers are mixed.

Server=Centos 4: samba-3.0.28-0.el4.9

Client=Kunbuntu 8.04: 2:3.2.3-1ubuntu3.4

==========================

Working/Broken Current smb.conf File:

  workgroup = OURHOUSE
  domain master = no
  #client lanman auth = Yes
  #lanman auth = Yes
  hosts allow = 192.168.1.
  log file = /var/log/samba/smbd.log
  max log size = 50
  # security = user
  # when I
  security = user
  encrypt passwords = yes
  smb passwd file = /etc/samba/smbpasswd
  unix password sync = Yes
  #passwd program = /usr/bin/passwd %u
  #passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
  guest account = hostmeister
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  wins support = yes
  printcap name = cups
  printing = cups
  cups options = "raw"
  use client driver = yes

With security=user I can authenticate from the smbpasswd file from Linux to the password protected share.

But now in Windows I can't authenticate and I can't browse any shares at all.

This is why I used to have "security=share", because Windows users could view all the public shares without logging in, and they would only have to login in the case of a share that specified "valid users=someuser".

This is still not a very good solution at all.

Samba Allows One Security Mode At A Time

Documentation I read says you can only have anonymous shares (security=share) or user level authenticated shares (security=user).  I understand that part as it is obvious from the config file :)

The annoying thing is that I believe SAMBA is the culprit here.  The client or server (whoever is most responsible for this mess) should be fixed.

In reality the method security=share method makes the most sense.  Why?  Because the anonymous shares can be easily accessed by the public which is the intended functionality.

And when connecting from a Windows client, it seems to automatically send the username as one of the allowed users and accepts the password for protected/private shares.

The only very annoying issue, is that we can see above that Linux Samba clients won't be able to do this, whether you specify the correct username and password or not.

It seems like the Windows SMB client and Samba Unix client's access things differently.  It also could be that either/or the Samba Server and Client see that the "public" security option is set and refuse to accept or authenticate with any password, which is a really stupid and undesired kind of behavior.

This explains the message "Server requested LANMAN password (share-level security) but 'client lanman auth' is disabled" coming up from the Samba client even though the "client lanman auth" options were enabled.  I guess in effect the mechanism to authenticate from a Unix Samba client is made impossible once you set the security=share. 

One Pitfall In Windows To Avoid

I spent hours wondering why my main Windows client could not longer connect to the share, it was just saying I dont' have permission and even when prompting for a password nothing worked.

I found that Windows caches the way it authenticates or the password it sends or some other strange thing.  Rebooting made it authenticate properly and accept the password so I could get to the shares.

You can run this to delete all connections: net use * /delete
 


Tags:

samba, smb, server, user, password, supplied, nt_status_wrong_passwordserver, nt_status_wrong_password, smbclient, authnenticate, xp, partially, ve, authenticating, quot, linux, requested, lanman, auth, disabled, adding, global, portion, conf, doesn, restarted, servers, centos, kunbuntu, ubuntu, workgroup, ourhouse, domain, hosts, var, smbd, encrypt, passwords, passwd, etc, smbpasswd, unix, sync, usr, bin, retype, authentication, tokens, updated, successfully, hostmeister, socket, tcp_nodelay, so_rcvbuf, so_sndbuf, printcap, cups, printing, authenticate, browse, shares, users, logging, login, specified, valid, someuser, allows, mode, documentation, authenticated, config, culprit, method, accessed, functionality, connecting, automatically, username, accepts, specify, undesired, enabled, mechanism, pitfall, dont, prompting, caches, authenticates, rebooting, delete, connections,

Latest Articles

  • How to allow SSH root user access in Linux/Debian/Mint/RHEL/Ubuntu/CentOS
  • Ansible Tutorial - Playbook How To Install From Scratch and Deploy LAMP + Wordpress on Remote Server
  • Ceph Install Errors on Proxmox / How To Fix Solution
  • Proxmox Update Error https://enterprise.proxmox.com/debian/pve bullseye InRelease 401 Unauthorized [IP: 144.217.225.162 443]
  • QEMU/KVM How to Hot-add A Virtual Disk .raw/.qcow2 via QEMU Monitor Commands
  • Proxmox How To Enable Ceph Distributed Storage Cluster with OSD and Pools
  • pulseaudio issue on QEMU/KVM guest VM when microphone is replugged/unplugged pulseaudio: pa_threaded_mainloop_lock failed pulseaudio: Reason: Invalid argument
  • Ubuntu Linux Mint - Volume Control Stopped Working
  • Proxmox Services Won't Start Failed to start The Proxmox VE cluster filesystem. Proxmox VE firewall. PVE Status Daemon. Proxmox VE scheduler. PVE Cluster HA Resource Manager Daemon. PVE Local HA Resource Manager Daemon.
  • Proxmox Guide FAQ / Errors / Howto
  • Virtualbox Vbox Issue Cannot Enable Nested Virtualization Button is Grayed/Greyed Out and Unclickable HowTo Solution
  • Virtualbox VBOX Howto Port Forward To Guests
  • Linux Ubuntu Debian Centos Mint - How To Check if Intel VT-x or AMD-V Hardware Virtualization is Enabled?
  • Linux Howto Zip Multiple Files and Directories
  • Windows Cannot Format USB drive Device Media is Write Protected Error Solution
  • Linux Mint 20 cannot install snapd missing solution
  • Virtualbox VBOX How To Install Guest-Utils/GuestUtils so drag and drop and clipboard works Ubuntu Mint Debian Linux
  • How to install Kubernetes with microk8s and deploy apps on Debian/Mint/Ubuntu Linux
  • vi how to delete everything to the end of the line or the rest of the line from the cursor
  • Cisco Howto Configure Console Port/Terminal/Comm Server with Async Cable Setup