• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 883
  • Last Modified:

Samba is rejecting passwords from XP PCs in workgroup (not domain)

I have built a mirrored Ubuntu server for my home using the latest Samba, compiled from source code.  All of the PCs in the house are either XP SP2/SP3 or Vista.  Obviously, because this is just a family thing we are only using workgroups, not a domain.

This server will also be connected with an inbound SSH/SFTP port for one of my friends who helped to fund this little box as an offsite storage facility for his photography side-business.  Because this server will still have an opening from the Internet, I would prefer to be able to have some kind of authentication for the local LAN.  

Yes, it's probably overkill because the SSH/SFTP key was generated with 4096-bit RSA encryption, the only port to the box from the outside is the one for SSH/SFTP (which is nowhere close to port 22, by the way), and my wireless router has WPA2 and a 23-key password.  But I'd still like to be able to have some kind of security internally for the Samba connection.

I created the Linux and Samba accounts to match the workgroup accounts on each PC, and I've applied the same password to both the Linux and Samba accounts.  I can see the server fine from Windows Explorer, but when I attempt to log on -- you guessed it -- it fails and I get the wonderful "FAILED with error NT_STATUS_WRONG_PASSWORD" and "NT_STATUS_LOGON_FAILURE" messages in the logs.  

I'm apparently a victim of the XP encrypted password situation that is often mentioned on the web; however, most of the "solutions" assume that a domain is being used, not a workgroup.  

If I set security to "Share" it automatically fails with the whole password failure issue then assumes that "Guest" is trying to log on, which I don't want.  If I set it to "user" I get prompted for the password, which obviously doesn't work either.  

If I set security to "user", remove the need for encrypted passwords, allow null passwords, then set the smbpassword to null, I'm then told that the server is inaccessible and that I don't have access to the resource even though the account is part of the group and the group is set to rwx on the directory.

So, I'm just about at a loss at this point, and I'm not setting up a domain for just my wife and myself. If I can't get the password situation to work in a workgroup setting, can I at least get it to where the user IDs are used as owners of the files instead of lumping everyone under "guest"?
1 Solution
how did you setup the users names and passwords on the ubuntu server?

for some strange reason, and i have personally found this a lot, that if you set up a username and password from command line, it won't always connect to the share from windows. it will give you an error. One of the servers we run at work is like this and it's not until we reset the password using webmin that the user can connect.

so if you haven't got webmin installed do the following on the ubuntu server

1. #sudo apt-get install ssh
2. Enable the universe and multiverse repositories in the /etc/apt/sources.list (https://wiki.ubuntu.com/AddingRepositoriesCliHowto)
3. To make this easier use a ssh client like Putty (Win32) or a Term on another machine that has a GUI and copy / paste these commands or you can just re-type them&
Below is the source I just happened to use. If it is not working go to: http://prdownloads.sourceforge.net/webadmin/webmin-1.270.tar.gz and find a working mirror.
#wget http://easynews.dl.sourceforge.net/sourceforge/webadmin/webmin-1.270.tar.gz
#gzip -cd webmin-1.270.tar.gz | tar xvf -
#sudo apt-get install libauthen-pam-perl libnet-ssleay-perl libpam-runtime openssl perl perl-modules
#cd webmin*
#sudo ./setup.sh
Basically just hit enter and choose SSL and the auto start the service at boot
Web server port (default 10000): (Feel Free to change this)
Login name (default admin):
Login password: AReallyGoodONE
Password again: AReallyGoodONE
Use SSL (y/n): y
Start Webmin at boot time (y/n): y
Now you can login with the user/password that you set at the https://IpAddressOfYourMachine:10000

using webmin you can setup usernames and passwords within samba as well that will allow you to connect from a windows machine.

WidescreenJohnAuthor Commented:
Interesting.  I've finally just given up, reduced my paranoia, and changed all connections to the samba user, but I'm still going to give this a try.  To answer your initial question, yes, I did just use the command line, but are you talking about the operating system user or the SAMBA user?

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now