1) I have compiled samba from source with options:

./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc --with-privatedir=/etc/samba --with-fhs --with-quotas -with-pam --with-pam_smbpass --with-syslog --with-utmp --with-swatdir=/usr/share/swat --with-libsmbclient --with-acl-support --with-ldap

2) File smb.conf

[global]
    log file = /var/log/samba/%m.log
    load printers = yes
    idmap gid = 16777216-33554431
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    winbind use default domain = no
    template shell = /bin/false
    dns proxy = no
    cups options = raw
    netbios name = ns1
    netbios aliases = ns1
    server string = SMBNT1
    idmap uid = 16777216-33554431
    workgroup = SAMSHOP
    os level = 20
    printcap name = /etc/printcap
    security = user
    preferred master = no
    max log size = 500
    lanman auth = yes
    client lanman auth = yes
    log level = 10

[homes]
    comment = Home Directories
    browseable = no
    writable = yes

[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    writable = no
    printable = yes

3) Added samba user miko

4) Successfully logged in to that server from VISTA

5) Unsuccessful log in from Windows 98
Created attachment 4545: This is log file for windows 98 client

Created attachment 4546: This is log file for windows vista client
One more thing I noticed in log lines:

[2009/08/12 15:26:00, 3] auth/auth_sam.c:check_sam_security(282)
  check_sam_security: Couldn't find user 'MIKO' in passdb.
[2009/08/12 15:26:00, 5] auth/auth.c:check_ntlm_password(272)
  check_ntlm_password: sam authentication for user [MIKO] FAILED with error NT_STATUS_NO_SUCH_USER
[2009/08/12 15:26:00, 2] auth/auth.c:check_ntlm_password(318)
  check_ntlm_password: Authentication for user [MIKO] -> [MIKO] FAILED with error NT_STATUS_NO_SUCH_USER

Then I made another user but all with upper letters. After that it worked.
(In reply to comment #3)
> One more thing I noticed in log lines:
>
> [2009/08/12 15:26:00, 3] auth/auth_sam.c:check_sam_security(282)
> check_sam_security: Couldn't find user 'MIKO' in passdb.
> [2009/08/12 15:26:00, 5] auth/auth.c:check_ntlm_password(272)
> check_ntlm_password: sam authentication for user [MIKO] FAILED with error
> NT_STATUS_NO_SUCH_USER
> [2009/08/12 15:26:00, 2] auth/auth.c:check_ntlm_password(318)
> check_ntlm_password: Authentication for user [MIKO] -> [MIKO] FAILED with
> error NT_STATUS_NO_SUCH_USER
>
>
> Then I made another user but all with upper letters. After that it worked.
>

Ever since Samba 3.2.x series Samba no longer defaults to providing the LANMAN password. Instead, it only supports the NT password. Windows 9x clients only support use of the LanMan password. If it is necessary for releases of Samba 3.2.0 and later to support LanMan passwords please add to the [global] section "lanman auth = yes", then reset user passwords - the LanMan password will now be stored in your "passdb backend".

As to why an all upper-case password works:
a) LanMan passwords are converted to upper-case and then hashed.
b) When you added the NT password only in upper case, the resulting password is identical to the LanMan password.

In other words, your approach is an effective work-around solution.

The behavior you saw is expected behavior and is by design. This bug is therefore closed.
Created attachment 4572: Another Log as domain member
(In reply to comment #4)
> (In reply to comment #3)
> > One more thing I noticed in log lines:
> >
> > [2009/08/12 15:26:00, 3] auth/auth_sam.c:check_sam_security(282)
> > check_sam_security: Couldn't find user 'MIKO' in passdb.
> > [2009/08/12 15:26:00, 5] auth/auth.c:check_ntlm_password(272)
> > check_ntlm_password: sam authentication for user [MIKO] FAILED with error
> > NT_STATUS_NO_SUCH_USER
> > [2009/08/12 15:26:00, 2] auth/auth.c:check_ntlm_password(318)
> > check_ntlm_password: Authentication for user [MIKO] -> [MIKO] FAILED with
> > error NT_STATUS_NO_SUCH_USER
> >
> >
> > Then I made another user but all with upper letters. After that it worked.
> >
>
> Ever since Samba 3.2.x series Samba no longer defaults to providing the LANMAN
> password. Instead, it only supports the NT password. Windows 9x clients only
> support use of the LanMan password. If it is necessary for releases of Samba
> 3.2.0 and later to support LanMan passwords please add to the [global] section
> "lanman auth = yes", then reset user passwords - the LanMan password will now
> be stored in your "passdb backend".
>
> As to why an all upper-case password works:
> a) LanMan passwords are converted to upper-case and then hashed.
> b) When you added the NT password only in upper case, the resulting password is
> identical to the LanMan password.
>
> In other words, your approach is an effective work-around solution.
>
> The behavior you saw is expected behavior and is by design. This bug is
> therefore closed.
>

Why are the added parameters for LANMAN not working as expected? This is only a test config that I made. I am running a Domain Controller on LDAP with 100+ users. Some clients use Windows 98, in this case a RETAIL shop. And my point is that it doesn't work with or without those parameters in the configuration example I made. Version of samba 3.3 works fine with it. That means I can not migrate my old samba DC to the new one because Windows 98 clients won't log in to the domain controller (I tried it already, it really won't work. Also the parameter: map untrusted to domain = yes I put there). I also added a log file for that client.
> Why are the added parameters for LANMAN not working as expected? This is only a test
> config that I made. I am running a Domain Controller on LDAP with 100+ users. Some
> clients use Windows 98, in this case a RETAIL shop. And my point is that it doesn't
> work with or without those parameters in the configuration example I made. Version
> of samba 3.3 works fine with it. That means I can not migrate my old samba DC
> to the new one because Windows 98 clients won't log in to the domain controller (I tried
> it already, it really won't work. Also the parameter: map untrusted to domain =
> yes I put there).

Did you reset the password after enabling lanman auth and client lanman auth?
(In reply to comment #7)
> > Why are the added parameters for LANMAN not working as expected? This is only a test
> > config that I made. I am running a Domain Controller on LDAP with 100+ users. Some
> > clients use Windows 98, in this case a RETAIL shop. And my point is that it doesn't
> > work with or without those parameters in the configuration example I made. Version
> > of samba 3.3 works fine with it. That means I can not migrate my old samba DC
> > to the new one because Windows 98 clients won't log in to the domain controller (I tried
> > it already, it really won't work. Also the parameter: map untrusted to domain =
> > yes I put there).
>
> Did you reset the password after enabling lanman auth and client lanman auth?
>

With command smbpasswd - yes, when it wasn't on the domain.

(In reply to comment #7)
> > Why are the added parameters for LANMAN not working as expected? This is only a test
> > config that I made. I am running a Domain Controller on LDAP with 100+ users. Some
> > clients use Windows 98, in this case a RETAIL shop. And my point is that it doesn't
> > work with or without those parameters in the configuration example I made. Version
> > of samba 3.3 works fine with it. That means I can not migrate my old samba DC
> > to the new one because Windows 98 clients won't log in to the domain controller (I tried
> > it already, it really won't work. Also the parameter: map untrusted to domain =
> > yes I put there).
>
> Did you reset the password after enabling lanman auth and client lanman auth?
>

Sure, I did try all the variations on that subject, lanman. I have now joined this samba server to the domain, if you didn't notice that. Is this the stuff you were looking for (it is an LDAP entry now):

sambaLMPassword: F3A52DC93C893A4DAAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: F42EBA7082013FF18C648C5D137AC6B8
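The developer's reply above says the LanMan hash is only stored in the passdb backend after passwords are reset with "lanman auth = yes". The check below is an added example, not code from this thread or from Samba: it reads an LDIF export and reports per account whether a sambaLMPassword value is present. The DNs, uids and hash values in the sample are constructed; the attribute names are the ones shown in the comment above.

```python
import re

# LM hash of an empty 7-character half; two of them hash an empty password.
EMPTY_HALF = "AAD3B435B51404EE"

# Constructed sample export: DNs, uids and hash values are made up.
SAMPLE_LDIF = """\
dn: uid=till1,ou=People,dc=example,dc=org
uid: till1
sambaLMPassword: 0123456789ABCDEF0123456789ABCDEF
sambaNTPassword: 00112233445566778899AABBCCDDEEFF

dn: uid=till2,ou=People,dc=example,dc=org
uid: till2
sambaNTPassword: 102132435465768798A9BACBDCEDFE0F

dn: uid=till3,ou=People,dc=example,dc=org
uid: till3
sambaLMPassword: AAD3B435B51404EEAAD3B435B51404EE
sambaNTPassword: FFEEDDCCBBAA99887766554433221100
"""

def parse_ldif(text):
    # Split on blank lines into entries; keep "attribute: value" pairs.
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry[key.strip().lower()] = value.strip()
        if entry:
            entries.append(entry)
    return entries

def lm_status(entry):
    lm = entry.get("sambalmpassword", "").upper()
    if not re.fullmatch(r"[0-9A-F]{32}", lm):
        return "no-lm-hash"     # password must be reset with lanman auth = yes
    if lm == EMPTY_HALF * 2:
        return "empty-lm-hash"  # attribute present, but hashes an empty password
    return "lm-hash-stored"     # a LanMan-only client has something to match

def audit(text):
    # Map uid -> LM status for every entry that carries a uid.
    return {e["uid"]: lm_status(e) for e in parse_ldif(text) if "uid" in e}

if __name__ == "__main__":
    for uid, status in audit(SAMPLE_LDIF).items():
        print(f"{uid}: {status}")
```

Accounts reported as no-lm-hash are the ones a Windows 9x client cannot log in with until the password is reset; once those clients are retired, the same report shows which accounts still carry the weaker LanMan hash.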
ack, I saw the same thing with a plain lanmanager client
My lanmanager case was indeed caused by the lack of setting map untrusted to domain. It works with 3.4.2 in all cases where it's supposed to work. Whenever there is a local user or where map untrusted to domain is enabled, logon works when lanman auth is enabled on member server and DC.