Samba client cannot authenticate, possible bad password error: You may run into odd errors authenticating if Samba and the server (Windows or Samba) do not agree on whether to use LANMAN, NTLM, or NTLMv2. If this happens, you may receive a NT_STATUS_LOGON_FAILURE with Samba, and the server will have a Bad Password error (0xC000006A in the Windows Security log). By default (December 2006 on a Gentoo machine), Samba has NTLM and LANMAN authentication enabled, but NTLMv2 is disabled. If the server is set to allow only NTLMv2, then you will fail. This setting is the infamous lmcompatibilitylevel key in HKLM\System\CurrentControlSet\Control\Lsa. When set to 5, the server will only accept NTLMv2 responses (client requests, server challenges, client responds). To allow Samba to send an NTLMv2 response, edit smb.conf’s global section and add
client ntlmv2 auth = yes
This will also disable NTLM and LANMAN auth, so if you have trouble accessing older machines’ shares, then you may have issues. I recommend disabling LANMAN auth as well. It is known to be very weak. To do so:
client lanman auth = no
Leave a Reply