Samba will not accept the credentials
The Windows 7 network client requires packet signing by default (to prevent man-in-the-middle attacks), and Samba disables packet signing by default. It may be that your client and server are failing to negotiate with each other on this item. So you could resolve it in one of two ways.
Server Side Solution: Enable Packet Signing on Samba
Add the following to your smb.conf:
server signing = auto
Restart the service and try again.
You could also try mandatory
instead of auto
. Read the docs here.
Client Side Solution: Disable Packet Signing on the Microsoft Network Client
First, open the Local Group Policy Editor:
- Press the Start button
- Type
gpedit.msc
in the Start search box and press Enter
In the Local Group Policy Editor, go to:
Local Computer Policy->
Computer Configuration->
Windows Settings->
Security Settings->
Local Policies->
Security Options
Find the policy:
Microsoft network client: Digitally sign communications (always)
If this is enabled, change it to Disabled. Press Apply, restart the computer, and try again.
Comments
-
machineaddict over 1 year
I have a
Debian
computer runningSamba
. I access the server from another computer runningWindows 7
. As guest, I can list the share as read-only, force user, etc. But I can not access samba server with any credentials. I only get \\ip\storage is not accesible.Here is my config:
* the users exist as real users
* samba runs assecurity = user
* I have added the user withsmbpasswd -a user
* the logs don't show anything wrong
* the testparm is showing the following:[global] server string = %h server interfaces = 127.0.0.0/8, eth1 bind interfaces only = Yes map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 dns proxy = No usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d idmap config * : backend = tdb [homes] comment = Home Directories valid users = %S read only = No create mask = 0700 directory mask = 0700 browseable = No [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes print ok = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers [cdrom] comment = Samba server's CD-ROM path = /cdrom guest ok = Yes locking = No [allusers] comment = Access to all users path = /home/samba-all-users valid users = @sambashare force group = sambashare read only = No create mask = 0770 directory mask = 0771 [guest] comment = Read/Write Guest Account Access path = /home/samba-guest force group = sambashare read only = No create mask = 0775 directory mask = 0775 guest only = Yes guest ok = Yes [storage] comment = Music path = /home/daniel/storage
Note:
* samba version is 3.6.6
* the client is running Windows 7 Home Premium
* I have a firewall with iptables on this computer, but it's doing only ICS at the moment of these tests. All rules are set on ACCEPT by default. -
machineaddict over 10 yearsThat is not the problem
-
machineaddict over 10 yearsSetting
server signing
to any value (like you said) makes the samba share server invisible (it's not found). And I don't havegpedit.msc
because I haveWindow 7 Home Premium
. Any other suggestions? -
billyw over 10 yearsMy main suggestion is to provide more information in your original post, as suggested in the question's comments. Knowing the Samba version would also be nice, just to rule out a couple possibilities. And mention that the client is Windows 7 Home Premium in the original post.
-
machineaddict over 10 yearsI just added some notes to the original post
-
machineaddict over 10 yearsI have modified your example to suit my needs, but still no luck.
-
machineaddict over 10 years
nsswitch.conf
file has the following content. And I didn't read and knew about that before. -
Eugene over 10 yearsI think you shuold set "valid users" and "write list" to "@users" and try it again. and in your confing, you should connect like this : "\\YOUR_SERVER_IP\personal_projects"
-
machineaddict over 10 yearsDoesn't
@users
means the groupusers
? Because my account doesn't belong tousers
group.