Solved

Samba is rejecting passwords from XP PCs in workgroup (not domain)

Posted on 2008-10-31
2
857 Views
Last Modified: 2013-12-02
I have built a mirrored Ubuntu server for my home using the latest Samba, compiled from source code.  All of the PCs in the house are either XP SP2/SP3 or Vista.  Obviously, because this is just a family thing we are only using workgroups, not a domain.

This server will also be connected with an inbound SSH/SFTP port for one of my friends who helped to fund this little box as an offsite storage facility for his photography side-business.  Because this server will still have an opening from the Internet, I would prefer to be able to have some kind of authentication for the local LAN.  

Yes, it's probably overkill because the SSH/SFTP key was generated with 4096-bit RSA encryption, the only port to the box from the outside is the one for SSH/SFTP (which is nowhere close to port 22, by the way), and my wireless router has WPA2 and a 23-key password.  But I'd still like to be able to have some kind of security internally for the Samba connection.

I created the Linux and Samba accounts to match the workgroup accounts on each PC, and I've applied the same password to both the Linux and Samba accounts.  I can see the server fine from Windows Explorer, but when I attempt to log on -- you guessed it -- it fails and I get the wonderful "FAILED with error NT_STATUS_WRONG_PASSWORD" and "NT_STATUS_LOGON_FAILURE" messages in the logs.  

I'm apparently a victim of the XP encrypted password situation that is often mentioned on the web; however, most of the "solutions" assume that a domain is being used, not a workgroup.  

If I set security to "Share" it automatically fails with the whole password failure issue then assumes that "Guest" is trying to log on, which I don't want.  If I set it to "user" I get prompted for the password, which obviously doesn't work either.  

If I set security to "user", remove the need for encrypted passwords, allow null passwords, then set the smbpassword to null, I'm then told that the server is inaccessible and that I don't have access to the resource even though the account is part of the group and the group is set to rwx on the directory.

So, I'm just about at a loss at this point, and I'm not setting up a domain for just my wife and myself. If I can't get the password situation to work in a workgroup setting, can I at least get it to where the user IDs are used as owners of the files instead of lumping everyone under "guest"?
0
Comment
Question by:WidescreenJohn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 5

Accepted Solution

by:
sleepless6 earned 250 total points
ID: 22915549
how did you setup the users names and passwords on the ubuntu server?

for some strange reason, and i have personally found this a lot, that if you set up a username and password from command line, it won't always connect to the share from windows. it will give you an error. One of the servers we run at work is like this and it's not until we reset the password using webmin that the user can connect.

so if you haven't got webmin installed do the following on the ubuntu server

1. #sudo apt-get install ssh
2. Enable the universe and multiverse repositories in the /etc/apt/sources.list (https://wiki.ubuntu.com/AddingRepositoriesCliHowto)
3. To make this easier use a ssh client like Putty (Win32) or a Term on another machine that has a GUI and copy / paste these commands or you can just re-type them&
Below is the source I just happened to use. If it is not working go to: http://prdownloads.sourceforge.net/webadmin/webmin-1.270.tar.gz and find a working mirror.
#wget http://easynews.dl.sourceforge.net/sourceforge/webadmin/webmin-1.270.tar.gz
#gzip -cd webmin-1.270.tar.gz | tar xvf -
#sudo apt-get install libauthen-pam-perl libnet-ssleay-perl libpam-runtime openssl perl perl-modules
#cd webmin*
#sudo ./setup.sh
Basically just hit enter and choose SSL and the auto start the service at boot
Web server port (default 10000): (Feel Free to change this)
Login name (default admin):
Login password: AReallyGoodONE
Password again: AReallyGoodONE
Use SSL (y/n): y
Start Webmin at boot time (y/n): y
Now you can login with the user/password that you set at the https://IpAddressOfYourMachine:10000

using webmin you can setup usernames and passwords within samba as well that will allow you to connect from a windows machine.

0
 
LVL 3

Author Comment

by:WidescreenJohn
ID: 23057016
Interesting.  I've finally just given up, reduced my paranoia, and changed all connections to the samba user, but I'm still going to give this a try.  To answer your initial question, yes, I did just use the command line, but are you talking about the operating system user or the SAMBA user?
0

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Goal:  To set up a secure SSH server for your home computer to make it accessible anywhere AND to use it as a port forwarding proxy. Steps 1.  WinSSHD version 5 is free for personal use.  So download and install it.  You can download it from the…
Determining the an SCCM package name from the Package ID
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question