Samba will not accept the credentials

Question

I have a Debian computer running Samba. I access the server from another computer running Windows 7. As guest, I can list the share as read-only, force user, etc. But I can not access samba server with any credentials. I only get \\ip\storage is not accesible.

Here is my config:
* the users exist as real users
* samba runs as security = user
* I have added the user with smbpasswd -a user
* the logs don't show anything wrong
* the testparm is showing the following:

[global]
    server string = %h server
    interfaces = 127.0.0.0/8, eth1
    bind interfaces only = Yes
    map to guest = Bad User
    obey pam restrictions = Yes
    pam password change = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    unix password sync = Yes
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    dns proxy = No
    usershare allow guests = Yes
    panic action = /usr/share/samba/panic-action %d
    idmap config * : backend = tdb

[homes]
    comment = Home Directories
    valid users = %S
    read only = No
    create mask = 0700
    directory mask = 0700
    browseable = No

[printers]
    comment = All Printers
    path = /var/spool/samba
    create mask = 0700
    printable = Yes
    print ok = Yes
    browseable = No

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers

[cdrom]
    comment = Samba server's CD-ROM
    path = /cdrom
    guest ok = Yes
    locking = No

[allusers]
    comment = Access to all users
    path = /home/samba-all-users
    valid users = @sambashare
    force group = sambashare
    read only = No
    create mask = 0770
    directory mask = 0771

[guest]
    comment = Read/Write Guest Account Access
    path = /home/samba-guest
    force group = sambashare
    read only = No
    create mask = 0775
    directory mask = 0775
    guest only = Yes
    guest ok = Yes

[storage]
    comment = Music
    path = /home/daniel/storage

Note:
* samba version is 3.6.6
* the client is running Windows 7 Home Premium
* I have a firewall with iptables on this computer, but it's doing only ICS at the moment of these tests. All rules are set on ACCEPT by default.

after you add the user to samba with smbpasswd -a user, did you reload the samba service? — c4f4t0r, Jan 10 '14 at 16:35
@c4f4t0r: actually I have restarted the service. I read so many tutorials on how to do it, but none of them worked. — machineaddict, Jan 10 '14 at 16:38
but on others share, user can login? because looking your config for share storage maybe you are missing something, try to add to storage share valid users = user — c4f4t0r, Jan 10 '14 at 17:04
Start by upping the log level so you can see what's actually happening, and we can go from there. ############## log level = 10 — rfelsburg, Jan 17 '14 at 17:21
@rfelsburg: I am still unable to post a log file because all the paste tools I tested have limitations. The log file at level 10 with one test after samba restart is 1,2MB. — machineaddict, Jan 18 '14 at 13:22
what about `/etc/pam.d/samba.*` and any linked conf using pam_stack.so ? — mveroone, Jan 19 '14 at 10:20
@Kwaio: I don't understand you. There is only a file `/etc/pam.d/samba` — machineaddict, Jan 23 '14 at 20:49
What's inside ? please post the content of this file. if any line mentions `pam_stack.so ...` please add /etc/pam.d/ files mentionned by these lines. — mveroone, Jan 24 '14 at 08:36
@Kwaio: the content is [this](http://pastebin.com/g6KgVJrP). There is no mentioning of `pam_stack.so`. — machineaddict, Jan 26 '14 at 17:55
My bad, `pam_stack.so` is the old methode. please append all files mentionned in `@include` lines — mveroone, Jan 27 '14 at 08:45
@Kwaio: [/etc/pam.d/common-auth](http://pastebin.com/yCtN9ZGF), [common-account](http://pastebin.com/4w1YHHD1) and [common-session-noninteractive](http://pastebin.com/9H0JXv8W) — machineaddict, Jan 27 '14 at 10:34

billyw · Answer 1 · 2014-01-17T18:32:49.090

4

The Windows 7 network client requires packet signing by default (to prevent man-in-the-middle attacks), and Samba disables packet signing by default. It may be that your client and server are failing to negotiate with each other on this item. So you could resolve it in one of two ways.

Server Side Solution: Enable Packet Signing on Samba

Add the following to your smb.conf:

server signing = auto

Restart the service and try again.

You could also try mandatory instead of auto. Read the docs here.

Client Side Solution: Disable Packet Signing on the Microsoft Network Client

First, open the Local Group Policy Editor:

Press the Start button
Type gpedit.msc in the Start search box and press Enter

In the Local Group Policy Editor, go to:

Local Computer Policy->
  Computer Configuration->
    Windows Settings->
      Security Settings->
        Local Policies->
          Security Options

Find the policy:

Microsoft network client: Digitally sign communications (always)

If this is enabled, change it to Disabled. Press Apply, restart the computer, and try again.

edited Jan 17 '14 at 18:32

answered Jan 17 '14 at 17:48

billyw

1,572
15
26

1

Setting `server signing` to any value (like you said) makes the samba share server invisible (it's not found). And I don't have `gpedit.msc` because I have `Window 7 Home Premium`. Any other suggestions? – machineaddict Jan 18 '14 at 12:32
My main suggestion is to provide more information in your original post, as suggested in the question's comments. Knowing the Samba version would also be nice, just to rule out a couple possibilities. And mention that the client is Windows 7 Home Premium in the original post. – billyw Jan 18 '14 at 17:17
I just added some notes to the original post – machineaddict Jan 19 '14 at 09:57

score 0 · Answer 2 · edited Mar 20 '17 at 10:16

0

You may check a similar question on superuser for possible solutions (https://superuser.com/questions/699240/windows-7-laptop-cant-reliably-connect-to-my-linux-smb-shared-directory/699273#699273)

edited Mar 20 '17 at 10:16

Community

1

answered Jan 10 '14 at 18:46

Ivan Viktorovic

126
2

That is not the problem – machineaddict Jan 17 '14 at 01:08

score 0 · Answer 3 · answered Jan 23 '14 at 03:45

0

here is my working config(on OpenSUSE 11,3 smbd Version 3.5.4-5.11.1-2573-SUSE-SL11.3) :

[global]
workgroup = WORKGROUP
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = no
domain logons = Yes
domain master = Yes
security = users
wins support = No
hosts allow = 192.168.0.*

[personal_projects]
inherit acls = No
path = /data_storage/personal_projects
read only = No
admin users = backupcat
available = Yes
browseable = Yes
comment = Komodo projects
guest ok = No
hosts allow = 192.168.0.*
valid users = @users
write list = @users

try it with your config.

answered Jan 23 '14 at 03:45

Eugene

26
2

I have modified your example to suit [my needs](http://pastebin.com/DrqUzUHW), but still no luck. – machineaddict Jan 26 '14 at 17:52
I think you shuold set "valid users" and "write list" to "@users" and try it again. and in your confing, you should connect like this : "\\YOUR_SERVER_IP\personal_projects" – Eugene Jan 27 '14 at 10:18
Doesn't `@users` means the group `users`? Because my account doesn't belong to `users` group. – machineaddict Jan 27 '14 at 11:18

score 0 · Answer 4 · answered Jan 24 '14 at 00:17

0

Maybe a longshot, but idmap config * invokes winbind, how is your nsswitch.conf looking? Especially lines regarding passwd:

Reference here for further reading if you have not already: http://www.samba.org/samba/docs/man/manpages-3/winbindd.8.html

Regards

answered Jan 24 '14 at 00:17

user185212

33
1
8

`nsswitch.conf` file has the [following content](http://pastebin.com/MU6R8EMr). And I didn't read and knew about that before. – machineaddict Jan 26 '14 at 18:03

Samba will not accept the credentials

4 Answers4