# Samba 4.5 tip[solved]

## jserink

Hi All:

Have spent the last 6 hours trying to get samba to work again with my windows7 VM.

On June 5 I upgraded samba to 4.5-10 from 4.2-14...I never restarted the samba daemons so my laptop sat at work for 5 days until I shut it down friday.

Booted up today at home to start on a compliance table for a tender and Windows7 can't connect to samba.....WTF?

From a bash console smbclient works fine.....I haven't changed anything. Ok, so try and downgrade back to 4.2-14....

Now that version crashes, it won't startup at all. Bugger. back to 4.5-10.

Google-fu.....found it in man smb.conf:

 [       ntlm auth (G)

           This parameter determines whether or not smbd(8) will attempt to authenticate users using the NTLM

           encrypted password response. If disabled, either the lanman password hash or an NTLMv2 response will need

           to be sent by the client.

           If this option, and lanman auth are both disabled, then only NTLMv2 logins will be permited. Not all

           clients support NTLMv2, and most will require special configuration to use it.

           The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x.

           The default changed from "yes" to "no" with Samba 4.5.

           Default: ntlm auth = no

]

Notice the second last line....I had no "ntlm auth" statement in my smb.conf as the default YES was fine....until the default changed.

So now I have it in there.

6 hours.

Samba guys, surely there's a better way? A list of defaults that have changed AT THE BEGINNING of the release notes for each version perhaps?

Maybe its already there somewhere but samba is such a mammoth package, one gets lost easily.

A tip to save you time.

Cheers,

John

----------

## Tony0945

Had much the same problems. Solved mine by changing

```
name resolve order = hosts wins bcast lmhosts
```

to

```
name resolve order = bcast
```

Read a bunch of stuff online about wins. Still don't understand it or whether I want it or not.

----------

## gordonb3

Thank you very much. Could not figure out what happened. Windows 7 and up did not experience any issues, but I have a flatbed scanner attached to an XP VM and that one could no longer connect to the image folder. `ntlm auth = yes` allowed the XP machine back in.

----------

## Fitzcarraldo

 *Tony0945 wrote:*   

> Had much the same problems. Solved mine by changing
> 
> ```
> name resolve order = hosts wins bcast lmhosts
> ```
> ...

 

If you are using a Windows Workgroup on a typical home network, WINS is not necessary. Broadcast NetBIOS name resolution works fine for a typical home network. That's how all the Windows and non-Windows machines are set up on my home network: A correct method of configuring Samba for browsing SMB shares in a home network.

----------

## Tony0945

Thank You, FitzCarraldo for that very informative blog post! It is much clearer than the Windows stuff that I have been reading. My network consists of one XP machine, one Win 7 machine and two Gentoo machines.  Most (but not all) traffic is transferring files between the two Windows machines and the central Linux server. The Win 7 machine is recent and I was dismayed by that homegroup setup. When I couldn't connect from either XP or Gentoo, I installed a business group (or whatever they call it) and was able to connect. You would think that at least Windows could easily connect to Windows, wouldn't you?

----------

## Fitzcarraldo

 *Tony0945 wrote:*   

> Thank You, FitzCarraldo for that very informative blog post! It is much clearer than the Windows stuff that I have been reading. My network consists of one XP machine, one Win 7 machine and two Gentoo machines.  Most (but not all) traffic is transferring files between the two Windows machines and the central Linux server. The Win 7 machine is recent and I was dismayed by that homegroup setup. When I couldn't connect from either XP or Gentoo, I installed a business group (or whatever they call it) and was able to connect. You would think that at least Windows could easily connect to Windows, wouldn't you?

 

I'm glad you found it helpful. Windows networking is awful!

----------

## gordonb3

Hmmm. Windows networking is pretty straight forward. They just did this weird thing with network auto discovery (copied from Mac obviously) and making the machines exchange (security) information on their own. Workgroup or Homegroup doesn't really do anything. It's mostly a placeholder that is apparently required by the security system. A domain grants the server control over the member machines' security which is kind of cool from an administrator's point of view. Microsoft sort if f'd it up though starting with Vista and the server now essentially only acts as a password server. For which far better systems exist than this weird sub-security layer.

----------

