Samba is rejecting passwords from XP PCs in workgroup (not domain)

Posted on 2008-10-31
Last Modified: 2013-12-02
I have built a mirrored Ubuntu server for my home using the latest Samba, compiled from source code.  All of the PCs in the house are either XP SP2/SP3 or Vista.  Obviously, because this is just a family thing we are only using workgroups, not a domain.

This server will also be connected with an inbound SSH/SFTP port for one of my friends who helped to fund this little box as an offsite storage facility for his photography side-business.  Because this server will still have an opening from the Internet, I would prefer to be able to have some kind of authentication for the local LAN.  

Yes, it's probably overkill because the SSH/SFTP key was generated with 4096-bit RSA encryption, the only port to the box from the outside is the one for SSH/SFTP (which is nowhere close to port 22, by the way), and my wireless router has WPA2 and a 23-key password.  But I'd still like to be able to have some kind of security internally for the Samba connection.

I created the Linux and Samba accounts to match the workgroup accounts on each PC, and I've applied the same password to both the Linux and Samba accounts.  I can see the server fine from Windows Explorer, but when I attempt to log on -- you guessed it -- it fails and I get the wonderful "FAILED with error NT_STATUS_WRONG_PASSWORD" and "NT_STATUS_LOGON_FAILURE" messages in the logs.  

I'm apparently a victim of the XP encrypted password situation that is often mentioned on the web; however, most of the "solutions" assume that a domain is being used, not a workgroup.  

If I set security to "Share" it automatically fails with the whole password failure issue then assumes that "Guest" is trying to log on, which I don't want.  If I set it to "user" I get prompted for the password, which obviously doesn't work either.  

If I set security to "user", remove the need for encrypted passwords, allow null passwords, then set the smbpassword to null, I'm then told that the server is inaccessible and that I don't have access to the resource even though the account is part of the group and the group is set to rwx on the directory.

So, I'm just about at a loss at this point, and I'm not setting up a domain for just my wife and myself. If I can't get the password situation to work in a workgroup setting, can I at least get it to where the user IDs are used as owners of the files instead of lumping everyone under "guest"?
Question by:WidescreenJohn

Accepted Solution

sleepless6 earned 250 total points
ID: 22915549
how did you setup the users names and passwords on the ubuntu server?

for some strange reason, and i have personally found this a lot, that if you set up a username and password from command line, it won't always connect to the share from windows. it will give you an error. One of the servers we run at work is like this and it's not until we reset the password using webmin that the user can connect.

so if you haven't got webmin installed do the following on the ubuntu server

1. #sudo apt-get install ssh
2. Enable the universe and multiverse repositories in the /etc/apt/sources.list (
3. To make this easier use a ssh client like Putty (Win32) or a Term on another machine that has a GUI and copy / paste these commands or you can just re-type them&
Below is the source I just happened to use. If it is not working go to: and find a working mirror.
#gzip -cd webmin-1.270.tar.gz | tar xvf -
#sudo apt-get install libauthen-pam-perl libnet-ssleay-perl libpam-runtime openssl perl perl-modules
#cd webmin*
#sudo ./
Basically just hit enter and choose SSL and the auto start the service at boot
Web server port (default 10000): (Feel Free to change this)
Login name (default admin):
Login password: AReallyGoodONE
Password again: AReallyGoodONE
Use SSL (y/n): y
Start Webmin at boot time (y/n): y
Now you can login with the user/password that you set at the https://IpAddressOfYourMachine:10000

using webmin you can setup usernames and passwords within samba as well that will allow you to connect from a windows machine.


Author Comment

ID: 23057016
Interesting.  I've finally just given up, reduced my paranoia, and changed all connections to the samba user, but I'm still going to give this a try.  To answer your initial question, yes, I did just use the command line, but are you talking about the operating system user or the SAMBA user?

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Goal:  To set up a secure SSH server for your home computer to make it accessible anywhere AND to use it as a port forwarding proxy. Steps 1.  WinSSHD version 5 is free for personal use.  So download and install it.  You can download it from the…
If you use Debian 6 Squeeze and you are tired of looking at the childish graphical GDM login screen that is used by default, here's an easy way to change it. If you've already tried to change it you've probably discovered that none of the old met…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question