Samba SMB Error - Server not using user level security and no password supplied. tree connect failed: NT_STATUS_WRONG_PASSWORD

Server not using user level security and no password supplied.
tree connect failed: NT_STATUS_WRONG_PASSWORD

That happens when trying to use smbclient to connect to a share.  The weird thing is that I can authnenticate just fine from Windows XP.

It is partially my mistake, I forgot this share does have a password.  I've tried authenticating with the correct user and also with "Guest" because this works in Windows.  In Linux I get:

Server not using user level security and no password supplied.
Server requested LANMAN password (share-level security) but 'client lanman auth' is disabled
tree connect failed: SUCCESS - 0

A lot of places suggest adding this to the global portion of smb.conf on the server:

client lanman auth = Yes
 

It doesn't work in my case (yes SMB has been restarted), maybe because the client and servers are mixed.

Server=Centos 4: samba-3.0.28-0.el4.9

Client=Kunbuntu 8.04: 2:3.2.3-1ubuntu3.4

==========================

Working/Broken Current smb.conf File:

  workgroup = OURHOUSE
  domain master = no
  #client lanman auth = Yes
  #lanman auth = Yes
  hosts allow = 192.168.1.
  log file = /var/log/samba/smbd.log
  max log size = 50
  # security = user
  # when I
  security = user
  encrypt passwords = yes
  smb passwd file = /etc/samba/smbpasswd
  unix password sync = Yes
  #passwd program = /usr/bin/passwd %u
  #passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
  guest account = hostmeister
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  wins support = yes
  printcap name = cups
  printing = cups
  cups options = "raw"
  use client driver = yes

With security=user I can authenticate from the smbpasswd file from Linux to the password protected share.

But now in Windows I can't authenticate and I can't browse any shares at all.

This is why I used to have "security=share", because Windows users could view all the public shares without logging in, and they would only have to login in the case of a share that specified "valid users=someuser".

This is still not a very good solution at all.

Samba Allows One Security Mode At A Time

Documentation I read says you can only have anonymous shares (security=share) or user level authenticated shares (security=user).  I understand that part as it is obvious from the config file :)

The annoying thing is that I believe SAMBA is the culprit here.  The client or server (whoever is most responsible for this mess) should be fixed.

In reality the method security=share method makes the most sense.  Why?  Because the anonymous shares can be easily accessed by the public which is the intended functionality.

And when connecting from a Windows client, it seems to automatically send the username as one of the allowed users and accepts the password for protected/private shares.

The only very annoying issue, is that we can see above that Linux Samba clients won't be able to do this, whether you specify the correct username and password or not.

It seems like the Windows SMB client and Samba Unix client's access things differently.  It also could be that either/or the Samba Server and Client see that the "public" security option is set and refuse to accept or authenticate with any password, which is a really stupid and undesired kind of behavior.

This explains the message "Server requested LANMAN password (share-level security) but 'client lanman auth' is disabled" coming up from the Samba client even though the "client lanman auth" options were enabled.  I guess in effect the mechanism to authenticate from a Unix Samba client is made impossible once you set the security=share. 

One Pitfall In Windows To Avoid

I spent hours wondering why my main Windows client could not longer connect to the share, it was just saying I dont' have permission and even when prompting for a password nothing worked.

I found that Windows caches the way it authenticates or the password it sends or some other strange thing.  Rebooting made it authenticate properly and accept the password so I could get to the shares.

You can run this to delete all connections: net use * /delete
 


Tags:

samba, smb, server, user, password, supplied, nt_status_wrong_passwordserver, nt_status_wrong_password, smbclient, authnenticate, xp, partially, ve, authenticating, quot, linux, requested, lanman, auth, disabled, adding, global, portion, conf, doesn, restarted, servers, centos, kunbuntu, ubuntu, workgroup, ourhouse, domain, hosts, var, smbd, encrypt, passwords, passwd, etc, smbpasswd, unix, sync, usr, bin, retype, authentication, tokens, updated, successfully, hostmeister, socket, tcp_nodelay, so_rcvbuf, so_sndbuf, printcap, cups, printing, authenticate, browse, shares, users, logging, login, specified, valid, someuser, allows, mode, documentation, authenticated, config, culprit, method, accessed, functionality, connecting, automatically, username, accepts, specify, undesired, enabled, mechanism, pitfall, dont, prompting, caches, authenticates, rebooting, delete, connections,

Latest Articles

  • How To Upgrade Debian 8,9,10 to Debian 12 Bookworm
  • Linux dhcp dhclient Mint Redhat Ubuntu Debian How To Use Local Domain DNS Server Instead of ISPs
  • Docker dockerd swarm high CPU usage cause solution
  • Docker Minimum Requirements/How Efficient is Docker? How Much Memory Does Dockerd Use?
  • qemu-nbd: Failed to set NBD socket solution qemu-nbd: Disconnect client, due to: Failed to read request: Unexpected end-of-file before all bytes were read
  • apache2 httpd apache server will not start [pid 22449:tid 139972160445760] AH00052: child pid 23248 exit signal Aborted (6) solution Mint Debian Ubuntu Redhat
  • How to use the FTDI USB serial cable to RJ45 adapter to connect to the console on Cisco/Juniper Switch Router Firewall in Linux Ubuntu Debian Redhat
  • How To Setup Python3 in Ubuntu Docker Image for AI Deep Learning
  • How to Configure NVIDIA GPUs with Docker on Ubuntu: A Comprehensive Guide for AI Deep Learning CUDA Solution
  • Linux Ubuntu Mint how to check nameservers when /etc/resolv.conf disabled solution
  • Docker cannot work on other overlayfs filesystems such as ecryptfs won't start overlayfs: filesystem on '/home/docker/overlay2/check-overlayfs-support130645871/upper' not supported as upperdir
  • Linux How To Access Original Contents of Directory Mounted Debian Mint CentOS Redhat Solution
  • ecryptfs how to manually encrypt your existing home directory or other directory
  • How to Reset CIPC Cisco IP Communicator for CME CUCM CallManager
  • Internet Explorer Cannot Download File "Your security settings do not allow for this file to be downloaded." Security Settings Solution
  • Linux How To Upgrade To The Latest Kernel Debian Mint Ubuntu
  • Firefox how to restore and backup saved passwords and history which files/location
  • Linux How To echo as root solution to use tee permission denied solution Ubuntu Debian Mint Redhat CentOS
  • Linux how to keep command line bash process running if you are disconnected or need to logout of SSH remotely
  • Linux swapping too much? How to check the swappiness and stop swapping
    • Copyright © realtechtalk.com 2023