# samba client can't connect *solved*

## robvr

I run a Samba server for the exclusive purpose of accessing files and a printer form a Windows 98 client. At some point in the past year, things broke (again...), and I'm out of ideas for getting it to work again.

Samba version is 4.8.6-r2

/etc/samba/smb.conf:

# Global parameters

[global]

#activate crappy WIN98 authentication

	lanman auth = yes

	client lanman auth = yes

	client ntlmv2 auth = no

	workgroup = HOME

	netbios name = FILER

	server string = %h server (Samba %v)

	encrypt passwords = true

	syslog = 0

	log file = /var/log/samba/log.%m

	max log size = 1000

	dns proxy = No

	invalid users = root

	security = user

	passdb backend = tdbsam

	server signing = disabled

	wins support = yes

# For Samba 3.x. This enables ClamAV on access scanning.

#vfs object = vscan-clamav

#vscan-clamav: config-file = /etc/samba/vscan-clamav.conf

[printers]

	comment = All Printers

	path = /tmp

	create mask = 0700

	printable = Yes

	browseable = Yes

[lp]

	comment = Generic dot-matrix printer entry

	path = /tmp

	read only = No

	create mask = 0700

	printable = Yes

	printing = nt

	printer name = lp

	use client driver = Yes

	oplocks = No

[bakbeest]

        comment = Generic dot-matrix printer entry

        path = /tmp

        read only = No

        create mask = 0700

        printable = Yes

        printing = nt

        printer name = bakbeest

        use client driver = Yes

        oplocks = No

[homes]

	comment = homes

	path = %H

	writeable = yes

	browseable = yes

	valid users = %S

Any attempt to contact the server is blocked with a "password incorrect" message. There are no errors (or other signs of the attempted contact) in /var/log/samba/log.nmbd or /var/log/samba/log.smbd.

Just to be sure, I ran smbpasswd -a <user> to make sure of the password.

Nothing helps. I'm completely stuck and getting desperate. Not having that WIN98 machine working and accessing files is just not an option.Last edited by robvr on Mon Apr 06, 2020 9:07 am; edited 1 time in total

----------

## hdcg

Hi robvr,

most likely this is caused by some new defaults of your Samba version e.g.:

 *Quote:*   

> ...
> 
> NTLMv1 authentication disabled by default
> 
> -----------------------------------------
> ...

 

Also take a look at the min protocol settings of your Samba https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html#SERVERMINPROTOCOL.

Best Regards,

Holger

----------

## robvr

Holger,

thanks for the link and pointers. I've been experimenting with the various options, but so far, to no avail. I fully realise I'm trying to use a protocol version from the stone age, but as far as I can tell, the configuration should allow this. I suspect there's one well hidden hoop I've neglected to jump through; either I'll find it at some point, or I'll have to fall back to a horrible solution: revive an old samba server that still works as a VM, export the files to that through NFS, and pass them on to Win98 via the old samba deamon.

I'd much rather do this properly though, so any hints as to which hoop I'm missing remail welcome..

----------

## Hu

Why does the Windows 98 machine need to continue working?  At some point, its hardware will fail, and I doubt that key hardware available today will work with such an old operating system.  In my opinion, you ought to spend some time migrating essential tasks off that system so that its inevitable failure does not cause bigger problems.

----------

## robvr

 *Hu wrote:*   

> Why does the Windows 98 machine need to continue working?  At some point, its hardware will fail, and I doubt that key hardware available today will work with such an old operating system.  In my opinion, you ought to spend some time migrating essential tasks off that system so that its inevitable failure does not cause bigger problems.

 It needs to keep working because there simply is no workable alternative; there is no other OS for which drivers exist for a piece of hardware for which there are no modern alternatives that do not require six digit investments. When a pallet with 24 of these machines was discovered in the early 2000s, people literally went on thousand mile yourneys to try and get their hands on the last ones.

If I could move away from Win98, I would have done so a decade ago. The stock of available hardware will most likely last longer than the rest of my life, and even should it fail, I could run in a virtual machine for much longer. Eventual failure of the complete stack cannot be prevented, but that doesn't mean I intend to give up right now, and right now the only part in a critical condition is the samba server.

----------

## robvr

Just a quick update in case anyone is watching: I've managed to get things working again with Samba up to 4.5.16 (from 3.6.23-r1 on the antique server). Just a few more tests, and I should have pinpointed which version represents the point where stuff breaks, which should in turn limit the amount of info I need to process to find out why it breaks at that point.

----------

## robvr

Holger was certainly on the right track; the trick was to add "ntlm auth = yes" to the [global] section.

It took me a long time to reach this conclusion though, for two reasons.

First, the Samba documentation states that the default for this setting went from 'yes' to 'no' in version 4.5.0, then to 'ntlmv2-only' in 4.7.0, where 'no' is an alias for 'ntlmv2-only', and that behaviour hasn't changed since. This does not match observed reality; with the unchanged config file, Win98 connects just fine on 4.5.x, and even 4.6.x, but stops on 4.7.x. Either behaviour has changed, or the alias doesn't work as intended. Of course, I only realised this after verifying that 4.5.x still worked.

That turned out to be a challenge in it's own right, since Samba downgrades do not work properly. These days, the config file is read, and then merged with a registry file. Of course, these registries are forward compatible only, and the smbd daemon crashes shortly after startup when confronted with a too new format. Note that it crashes after startup, so '/etc/init.d/samba restart' seems to work perfectly, with no indication whatsoever that anything is wrong. The only reliable way to downgrade is to wipe every samba directory under /var and re-install to restore defaults. Takes some figuring out  :Sad: 

----------

## Hu

 *robvr wrote:*   

> That turned out to be a challenge in it's own right, since Samba downgrades do not work properly. These days, the config file is read, and then merged with a registry file. Of course, these registries are forward compatible only, and the smbd daemon crashes shortly after startup when confronted with a too new format. Note that it crashes after startup, so '/etc/init.d/samba restart' seems to work perfectly, with no indication whatsoever that anything is wrong. The only reliable way to downgrade is to wipe every samba directory under /var and re-install to restore defaults.

 That seems like taking Windows bug-for-bug compatibility a bit too far.  :Smile: 

----------

## robvr

 *Hu wrote:*   

> That seems like taking Windows bug-for-bug compatibility a bit too far. 

 I can see the point of re-implementing the relevant parts of the Windows registry. Samba has moved far beyond it's original file and printer sharing job, and the smaller the difference between the Linux and Windows domains, the easier it will be to get this very complex beast to work. It would have been nice though if they'd be a bit more explicit when things go wrong; a warning maybe, including which file to nuke? And to be honest, I'd be worried about their own registry collapsing under tons of cruft after a few years in operation, just like the Windows ones; I doubt the easy fix of just nuking the lot will work as well in a large, complex setup as it does in my minimal one.

Then again, downgrade compatibility of generated files is always dubious, not just for Samba.

----------

