Solved

Samba is rejecting passwords from XP PCs in workgroup (not domain)

Posted on 2008-10-31
2
846 Views
Last Modified: 2013-12-02
I have built a mirrored Ubuntu server for my home using the latest Samba, compiled from source code.  All of the PCs in the house are either XP SP2/SP3 or Vista.  Obviously, because this is just a family thing we are only using workgroups, not a domain.

This server will also be connected with an inbound SSH/SFTP port for one of my friends who helped to fund this little box as an offsite storage facility for his photography side-business.  Because this server will still have an opening from the Internet, I would prefer to be able to have some kind of authentication for the local LAN.  

Yes, it's probably overkill because the SSH/SFTP key was generated with 4096-bit RSA encryption, the only port to the box from the outside is the one for SSH/SFTP (which is nowhere close to port 22, by the way), and my wireless router has WPA2 and a 23-key password.  But I'd still like to be able to have some kind of security internally for the Samba connection.

I created the Linux and Samba accounts to match the workgroup accounts on each PC, and I've applied the same password to both the Linux and Samba accounts.  I can see the server fine from Windows Explorer, but when I attempt to log on -- you guessed it -- it fails and I get the wonderful "FAILED with error NT_STATUS_WRONG_PASSWORD" and "NT_STATUS_LOGON_FAILURE" messages in the logs.  

I'm apparently a victim of the XP encrypted password situation that is often mentioned on the web; however, most of the "solutions" assume that a domain is being used, not a workgroup.  

If I set security to "Share" it automatically fails with the whole password failure issue then assumes that "Guest" is trying to log on, which I don't want.  If I set it to "user" I get prompted for the password, which obviously doesn't work either.  

If I set security to "user", remove the need for encrypted passwords, allow null passwords, then set the smbpassword to null, I'm then told that the server is inaccessible and that I don't have access to the resource even though the account is part of the group and the group is set to rwx on the directory.

So, I'm just about at a loss at this point, and I'm not setting up a domain for just my wife and myself. If I can't get the password situation to work in a workgroup setting, can I at least get it to where the user IDs are used as owners of the files instead of lumping everyone under "guest"?
0
Comment
Question by:WidescreenJohn
2 Comments
 
LVL 5

Accepted Solution

by:
sleepless6 earned 250 total points
Comment Utility
how did you setup the users names and passwords on the ubuntu server?

for some strange reason, and i have personally found this a lot, that if you set up a username and password from command line, it won't always connect to the share from windows. it will give you an error. One of the servers we run at work is like this and it's not until we reset the password using webmin that the user can connect.

so if you haven't got webmin installed do the following on the ubuntu server

1. #sudo apt-get install ssh
2. Enable the universe and multiverse repositories in the /etc/apt/sources.list (https://wiki.ubuntu.com/AddingRepositoriesCliHowto)
3. To make this easier use a ssh client like Putty (Win32) or a Term on another machine that has a GUI and copy / paste these commands or you can just re-type them&
Below is the source I just happened to use. If it is not working go to: http://prdownloads.sourceforge.net/webadmin/webmin-1.270.tar.gz and find a working mirror.
#wget http://easynews.dl.sourceforge.net/sourceforge/webadmin/webmin-1.270.tar.gz
#gzip -cd webmin-1.270.tar.gz | tar xvf -
#sudo apt-get install libauthen-pam-perl libnet-ssleay-perl libpam-runtime openssl perl perl-modules
#cd webmin*
#sudo ./setup.sh
Basically just hit enter and choose SSL and the auto start the service at boot
Web server port (default 10000): (Feel Free to change this)
Login name (default admin):
Login password: AReallyGoodONE
Password again: AReallyGoodONE
Use SSL (y/n): y
Start Webmin at boot time (y/n): y
Now you can login with the user/password that you set at the https://IpAddressOfYourMachine:10000

using webmin you can setup usernames and passwords within samba as well that will allow you to connect from a windows machine.

0
 
LVL 3

Author Comment

by:WidescreenJohn
Comment Utility
Interesting.  I've finally just given up, reduced my paranoia, and changed all connections to the samba user, but I'm still going to give this a try.  To answer your initial question, yes, I did just use the command line, but are you talking about the operating system user or the SAMBA user?
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Goal:  To set up a secure SSH server for your home computer to make it accessible anywhere AND to use it as a port forwarding proxy. Steps 1.  WinSSHD version 5 is free for personal use.  So download and install it.  You can download it from the…
This article will explain how to establish a SSH connection to Ubuntu through the firewall and using a different port other then 22. I have set up a Ubuntu virtual machine in Virtualbox and I am running a Windows 7 workstation. From the Ubuntu vi…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now