Can't connect from Windows 10 to Samba share

Issues related to applications and software problems and general support
Post Reply
oleksii.sokol
Posts: 1
Joined: 2020/02/05 14:45:26

Can't connect from Windows 10 to Samba share

Post by oleksii.sokol » 2020/02/06 13:37:24

Hello!
I newbie in CentOS and samba configuration, I would like to kindly ask you with any advise.
Brief description of my infrastructure:
CentOS Linux 8.1.1911
Samba version 4.10.4 (standalone)
Clients: Windows 10 1709, 1803,1903
(AD domain join)
Using Webmin I did following:
1) create an Unix user and group
2) add an Unix user to a group
3) create Samba share /cbdata/data, share name = data, Guest Access =None, Guest Unix user =nobody
4) added Unix group to Valid group on Samba share
5) convert Unix user to Samba user
The idea is following on /cbdata/data/ create folder for Windows users and map as network drive on Windows PC,
so the whole path should look like \\<sambaserver>\data\<userfolder>

smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.

[global]
load printers = yes
workgroup = sh
printcap name = cups
auto services = data
winbind use default domain = yes
passdb backend = smbpasswd
cups options = raw
log file = /var/log/samba/%m.log
debuglevel = 4
security = user
winbind trusted domains only = yes
printing = cups
client max protocol = SMB3_11
preferred master = no
client min protocol = SMB3_02
os level = 20
netbios name = c2shfscb
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775
[data]
writeable = yes
inherit permissions = yes
valid users = @smbgroup
path = /cbdata/data
force create mode = 777
browsable = yes
force directory mode = 777

testparm
root@c2shfscb ~]# testparm
Unknown parameter encountered: "winbind trusted domains only"
Ignoring unknown parameter "winbind trusted domains only"
Load smb config files from /etc/samba/smb.conf
Unknown parameter encountered: "winbind trusted domains only"
Ignoring unknown parameter "winbind trusted domains only"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions
# Global parameters
[global]
auto services = data
client max protocol = SMB3
client min protocol = SMB3_02
log file = /var/log/samba/%m.log
passdb backend = smbpasswd
preferred master = No
printcap name = cups
security = USER
winbind use default domain = Yes
workgroup = SH
idmap config * : backend = tdb
cups options = raw
[homes]
browseable = No
comment = Home Directories
inherit acls = Yes
read only = No
valid users = %S %D%w%S
[printers]
browseable = No
comment = All Printers
create mask = 0600
path = /var/tmp
printable = Yes
[print$]
comment = Printer Drivers
create mask = 0664
directory mask = 0775
force group = @printadmin
path = /var/lib/samba/drivers
write list = @printadmin root
[data]
force create mode = 0777
force directory mode = 0777
inherit permissions = Yes
path = /cbdata/data
read only = No
valid users = @smbgroup

*I have deleted option "winbind trusted domains only" in smb.conf but after service restart it's record appeared again.

The permission out put
[root@c2shfscb ~]# ls -alh /cbdata/data
total 20K
drwxr-xr-x. 5 root smbgroup 4.0K Feb 5 17:08 .
drwxr-xr-x. 4 root root 4.0K Feb 3 09:34 ..
drwxr-xr-x. 2 oleksii.sokol smbgroup 4.0K Feb 5 17:08 oleksii.sokol
drwxr-xr-x. 2 smbtst sharedaccess 4.0K Jan 31 13:49 smbtst
drwxr-xr-x. 2 usertest sharedaccess 4.0K Jan 31 18:02 usertest
[root@c2shfscb ~]# ls -alh /cbdata/data/oleksii.sokol
total 8.0K
drwxr-xr-x. 2 oleksii.sokol smbgroup 4.0K Feb 5 17:08 .
drwxr-xr-x. 5 root smbgroup 4.0K Feb 5 17:08 ..

When i try to connect to samba server from windows PC \\<sambaserver>\data\<userfolder>, get a field to put user credentials, type in different
formats, like : .\username and password or <sambaserver>\username and password, but got an error message "Specified network password is not correct"

In samba log I see this:
2020/02/06 14:50:41.254213, 2] ../../source3/param/loadparm.c:2803(lp_do_section)
Processing section "[data]"
doing parameter writeable = yes
doing parameter inherit permissions = yes
doing parameter valid users = @smbgroup
doing parameter path = /cbdata/data
doing parameter force create mode = 777
doing parameter browsable = yes
doing parameter force directory mode = 777
[2020/02/06 14:50:41.254326, 4] ../../source3/param/loadparm.c:3914(lp_load_ex)
pm_process() returned Yes
[2020/02/06 14:50:41.254343, 3] ../../source3/param/loadparm.c:1621(lp_add_ipc)
adding IPC service
[2020/02/06 14:50:41.254410, 3] ../../source3/auth/auth.c:189(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [SH]\[oleksii.sokol]@[ITCWS01] with the new password interface
[2020/02/06 14:50:41.254466, 3] ../../source3/auth/auth.c:192(auth_check_ntlm_password)
check_ntlm_password: mapped user is: [SH]\[oleksii.sokol]@[ITCWS01]
[2020/02/06 14:50:41.254479, 4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2020/02/06 14:50:41.254488, 4] ../../source3/smbd/uid.c:553(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2020/02/06 14:50:41.254496, 4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2020/02/06 14:50:41.255201, 4] ../../source3/lib/substitute.c:450(automount_server)
Home server: c2shfscb
[2020/02/06 14:50:41.255244, 4] ../../source3/lib/substitute.c:450(automount_server)
Home server: c2shfscb
[2020/02/06 14:50:41.255263, 4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3
[2020/02/06 14:50:41.255273, 4] ../../source3/smbd/uid.c:553(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 2
[2020/02/06 14:50:41.255280, 4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
[2020/02/06 14:50:41.255315, 4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2
[2020/02/06 14:50:41.255414, 4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3
[2020/02/06 14:50:41.255429, 4] ../../source3/smbd/uid.c:553(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 2
[2020/02/06 14:50:41.255437, 4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
[2020/02/06 14:50:41.255467, 4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2
[2020/02/06 14:50:41.255482, 3] ../../source3/passdb/lookup_sid.c:1594(get_primary_group_sid)
Forcing Primary Group to 'Domain Users' for oleksii.sokol
[2020/02/06 14:50:41.255492, 4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3
[2020/02/06 14:50:41.255500, 4] ../../source3/smbd/uid.c:553(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 2
[2020/02/06 14:50:41.255507, 4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
[2020/02/06 14:50:41.255528, 4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2
[2020/02/06 14:50:41.255552, 4] ../../source3/lib/substitute.c:450(automount_server)
Home server: c2shfscb
[2020/02/06 14:50:41.255566, 4] ../../source3/lib/substitute.c:450(automount_server)
Home server: c2shfscb
[2020/02/06 14:50:41.255578, 4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3
[2020/02/06 14:50:41.255586, 4] ../../source3/smbd/uid.c:553(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 2
[2020/02/06 14:50:41.255593, 4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
[2020/02/06 14:50:41.255615, 4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2
[2020/02/06 14:50:41.255642, 4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2020/02/06 14:50:41.255659, 4] ../../libcli/auth/ntlm_check.c:364(ntlm_password_check)
ntlm_password_check: Checking NTLMv2 password with domain [SH]
[2020/02/06 14:50:41.255677, 4] ../../libcli/auth/ntlm_check.c:378(ntlm_password_check)
ntlm_password_check: Checking NTLMv2 password with uppercased version of domain [SH]
[2020/02/06 14:50:41.255688, 4] ../../libcli/auth/ntlm_check.c:391(ntlm_password_check)
ntlm_password_check: Checking NTLMv2 password without a domain
[2020/02/06 14:50:41.255698, 3] ../../libcli/auth/ntlm_check.c:403(ntlm_password_check)
ntlm_password_check: NTLMv2 password check failed
[2020/02/06 14:50:41.255705, 3] ../../libcli/auth/ntlm_check.c:449(ntlm_password_check)
ntlm_password_check: Lanman passwords NOT PERMITTED for user oleksii.sokol
[2020/02/06 14:50:41.255712, 4] ../../libcli/auth/ntlm_check.c:486(ntlm_password_check)
ntlm_password_check: Checking LMv2 password with domain SH
[2020/02/06 14:50:41.255722, 4] ../../libcli/auth/ntlm_check.c:515(ntlm_password_check)
ntlm_password_check: Checking LMv2 password with upper-cased version of domain SH
[2020/02/06 14:50:41.255731, 4] ../../libcli/auth/ntlm_check.c:543(ntlm_password_check)
ntlm_password_check: Checking LMv2 password without a domain
[2020/02/06 14:50:41.255741, 4] ../../libcli/auth/ntlm_check.c:574(ntlm_password_check)
ntlm_password_check: Checking NT MD4 password in LM field
[2020/02/06 14:50:41.255748, 3] ../../libcli/auth/ntlm_check.c:595(ntlm_password_check)
ntlm_password_check: LM password and LMv2 failed for user oleksii.sokol, and NT MD4 password in LM field not permitted
[2020/02/06 14:50:41.255757, 4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2020/02/06 14:50:41.255765, 4] ../../source3/smbd/uid.c:553(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2020/02/06 14:50:41.255772, 4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2020/02/06 14:50:41.255794, 4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2020/02/06 14:50:41.255804, 4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2020/02/06 14:50:41.255812, 4] ../../source3/smbd/uid.c:553(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2020/02/06 14:50:41.255819, 4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2020/02/06 14:50:41.255832, 4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3
[2020/02/06 14:50:41.255840, 4] ../../source3/smbd/uid.c:553(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 2
[2020/02/06 14:50:41.255846, 4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
[2020/02/06 14:50:41.255866, 4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2
[2020/02/06 14:50:41.255881, 4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2020/02/06 14:50:41.255891, 4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2020/02/06 14:50:41.255898, 4] ../../source3/smbd/uid.c:553(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2020/02/06 14:50:41.255905, 4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2020/02/06 14:50:41.255970, 4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2020/02/06 14:50:41.255982, 2] ../../source3/auth/auth.c:334(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [oleksii.sokol] -> [oleksii.sokol] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
[2020/02/06 14:50:41.256016, 2] ../../auth/auth_log.c:647(log_authentication_event_human_readable)
Auth: [SMB2,(null)] user [SH]\[oleksii.sokol] at [Thu, 06 Feb 2020 14:50:41.256004 EET] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [ITCWS01] remote host [ipv4:172.30.250.53:57458] mapped to [SH]\[oleksii.sokol]. local host [ipv4:172.29.5.189:445]
{"timestamp": "2020-02-06T14:50:41.256114+0200", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 1}, "eventId": 4625, "logonType": 3, "status": "NT_STATUS_WRONG_PASSWORD", "localAddress": "ipv4:172.29.5.189:445", "remoteAddress": "ipv4:172.30.250.53:57458", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "SH", "clientAccount": "oleksii.sokol", "workstation": "ITCWS01", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "oleksii.sokol", "mappedDomain": "SH", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 80619}}
[2020/02/06 14:50:41.256181, 4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2020/02/06 14:50:41.256207, 3] ../../auth/gensec/spnego.c:1414(gensec_spnego_server_negTokenTarg_step)
gensec_spnego_server_negTokenTarg_step: SPNEGO(ntlmssp) login failed: NT_STATUS_WRONG_PASSWORD
[2020/02/06 14:50:41.256219, 4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1

Post Reply

Return to “CentOS 8 - General Support”