# Authentication Problem with Samba

## foobar23

Hello,

i can't login to one of my shares (superman). I add the user with smbpasswd -a.

I set the password much times so it can't be the false password.

If i try to login:

```
[2011/06/10 18:47:54,  2] param/loadparm.c:7743(do_section)

  Processing section "[blub]"

[2011/06/10 18:47:54,  2] param/loadparm.c:7743(do_section)

  Processing section "[foobar]"

[2011/06/10 18:47:54,  2] param/loadparm.c:7743(do_section)

  Processing section "[router]"

[2011/06/10 18:47:54,  2] param/loadparm.c:7743(do_section)

  Processing section "[neu]"

[2011/06/10 18:47:54,  2] param/loadparm.c:7743(do_section)

  Processing section "[superman]"

[2011/06/10 18:47:54,  2] lib/interface.c:340(add_interface)

  added interface eth0 ip=fe80::222:15ff:fea1:990c%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::

[2011/06/10 18:47:54,  2] lib/interface.c:340(add_interface)

  added interface eth0 ip=192.168.0.23 bcast=192.168.0.255 netmask=255.255.255.0

[2011/06/10 18:47:54,  2] lib/interface.c:478(interpret_interface)

  interpret_interface: Adding interface 192.168.0.23/24

[2011/06/10 18:47:54,  2] auth/auth.c:320(check_ntlm_password)

  check_ntlm_password:  Authentication for user [superman] -> [superman] FAILED with error NT_STATUS_WRONG_PASSWORD

[2011/06/10 18:47:54,  0] smbd/password.c:805(authorise_login)

  authorise_login: rejected invalid user nobody

[2011/06/10 18:47:54,  2] smbd/service.c:624(create_connection_server_info)

  Invalid username/password for [superman]

[2011/06/10 18:47:54,  1] smbd/service.c:676(make_connection_snum)

  create_connection_server_info failed: NT_STATUS_WRONG_PASSWORD

[2011/06/10 18:48:01,  2] param/loadparm.c:7743(do_section)

  Processing section "[blub]"

[2011/06/10 18:48:01,  2] param/loadparm.c:7743(do_section)

  Processing section "[foobar]"

[2011/06/10 18:48:01,  2] param/loadparm.c:7743(do_section)

  Processing section "[router]"

[2011/06/10 18:48:01,  2] param/loadparm.c:7743(do_section)

  Processing section "[neu]"

[2011/06/10 18:48:01,  2] param/loadparm.c:7743(do_section)

  Processing section "[superman]"

[2011/06/10 18:48:01,  2] lib/interface.c:340(add_interface)

  added interface eth0 ip=fe80::222:15ff:fea1:990c%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::

[2011/06/10 18:48:01,  2] lib/interface.c:340(add_interface)

  added interface eth0 ip=192.168.0.23 bcast=192.168.0.255 netmask=255.255.255.0

[2011/06/10 18:48:01,  2] lib/interface.c:478(interpret_interface)

  interpret_interface: Adding interface 192.168.0.23/24

[2011/06/10 18:48:01,  2] auth/auth.c:320(check_ntlm_password)

  check_ntlm_password:  Authentication for user [superman] -> [superman] FAILED with error NT_STATUS_WRONG_PASSWORD

[2011/06/10 18:48:01,  2] auth/auth.c:320(check_ntlm_password)

  check_ntlm_password:  Authentication for user [superman] -> [superman] FAILED with error NT_STATUS_WRONG_PASSWORD

[2011/06/10 18:48:01,  2] auth/auth.c:320(check_ntlm_password)

  check_ntlm_password:  Authentication for user [superman] -> [superman] FAILED with error NT_STATUS_WRONG_PASSWORD

[2011/06/10 18:48:01,  2] auth/auth.c:320(check_ntlm_password)

  check_ntlm_password:  Authentication for user [superman] -> [superman] FAILED with error NT_STATUS_WRONG_PASSWORD

[2011/06/10 18:48:01,  0] smbd/password.c:805(authorise_login)

  authorise_login: rejected invalid user nobody

[2011/06/10 18:48:01,  2] smbd/service.c:624(create_connection_server_info)

  Invalid username/password for [superman]

[2011/06/10 18:48:01,  1] smbd/service.c:676(make_connection_snum)

  create_connection_server_info failed: NT_STATUS_WRONG_PASSWORD

```

smb.conf:

```
[global]

unix extensions = no

log level = 2

   workgroup = MYGROUP

   server string = Samba Server

   security = share

   load printers = no

   log file = /var/log/samba/log.%m

   max log size = 50

   passdb backend = tdbsam:/var/lib/samba/private/passdb.tdb

   dns proxy = no 

   interfaces = eth0 192.168.0.23/24

   bind interfaces only = yes

   netbios name = fuckup

   winbind use default domain = yes

[blub]

   comment = Public Stuff

   path = /var/media/blub

   guest ok = yes

   writable = no

   browseable = yes

   public = yes

[foobar]

   path = /var/foobar

   guest ok = yes

   writeable = no

   browseable = yes

   follow symlinks = yes

   wide links = yes

   public = yes

[router]

   comment = for bandwidth monitoring

   path = /var/media/router

   guest ok = no

   writeable = yes

   browseable = yes

   public = yes

[neu]

   comment = neues

   path = /home/foo/neu

   guest ok = yes

   writeable = yes

   browseable = yes

   public = yes

[superman]

   comment = homedir

   path = /var/media/homes/superman

   guest ok = no

   valid users = superman

   writeable = yes

   browsable = yes

   public = yes

```

----------

## new_item

Is there 'superman' user account in the system ? (not only in samba)

----------

## chiefbag

One thing to note about Samba shares is the general behaviour or lack there of the windows clients that are attempting to connecting to them.

A reboot of the windows client usually tells a lot about the actual state of your samba config.

Windows in general is unable to clear the initial auth that it learns if you have attempted to map the drive mid process.

Be prepared to try many windows reboots to test your final config.

----------

## chiefbag

I think you may need the following in your Global directive.

```

[global]

security = user

username map = /etc/samba/smbusers

```

Also as @new_item said you need to have the a actual user setup on the box as well as the samba passwd file.

Make sure that you chown the /var/media/homes/superman dir otherwise no writes are possible and possibly no reads

----------

## new_item

 *chiefbag wrote:*   

> Windows in general is unable to clear the initial auth that it learns if you have attempted to map the drive mid process.
> 
> 

 

There is no need to reboot windows client to clear initial auth.

```
net use
```

to find them all

```
NET SESSION [\\computername] [/DELETE]
```

to rule them all.

Of course this commands should be run on windows client.

----------

