Samba is rejecting passwords from XP PCs in workgroup (not domain)
Posted on 2008-10-31
I have built a mirrored Ubuntu server for my home using the latest Samba, compiled from source code. All of the PCs in the house are either XP SP2/SP3 or Vista. Obviously, because this is just a family thing we are only using workgroups, not a domain.
This server will also be connected with an inbound SSH/SFTP port for one of my friends who helped to fund this little box as an offsite storage facility for his photography side-business. Because this server will still have an opening from the Internet, I would prefer to be able to have some kind of authentication for the local LAN.
Yes, it's probably overkill because the SSH/SFTP key was generated with 4096-bit RSA encryption, the only port to the box from the outside is the one for SSH/SFTP (which is nowhere close to port 22, by the way), and my wireless router has WPA2 and a 23-key password. But I'd still like to be able to have some kind of security internally for the Samba connection.
I created the Linux and Samba accounts to match the workgroup accounts on each PC, and I've applied the same password to both the Linux and Samba accounts. I can see the server fine from Windows Explorer, but when I attempt to log on -- you guessed it -- it fails and I get the wonderful "FAILED with error NT_STATUS_WRONG_PASSWORD" and "NT_STATUS_LOGON_FAILURE" messages in the logs.
I'm apparently a victim of the XP encrypted password situation that is often mentioned on the web; however, most of the "solutions" assume that a domain is being used, not a workgroup.
If I set security to "Share" it automatically fails with the whole password failure issue then assumes that "Guest" is trying to log on, which I don't want. If I set it to "user" I get prompted for the password, which obviously doesn't work either.
If I set security to "user", remove the need for encrypted passwords, allow null passwords, then set the smbpassword to null, I'm then told that the server is inaccessible and that I don't have access to the resource even though the account is part of the group and the group is set to rwx on the directory.
So, I'm just about at a loss at this point, and I'm not setting up a domain for just my wife and myself. If I can't get the password situation to work in a workgroup setting, can I at least get it to where the user IDs are used as owners of the files instead of lumping everyone under "guest"?