Windows PCs being asked for password after CentOS 7.4/Samba 4.6.2 upgrade

centos7samba4

I upgraded from CentOS 7.3 to 7.4. Along with it it upgraded Samba. Everything is working fine on the Mac workstations, but the Windows PC workstations (which are running Windows 7, if that matters) are being prompted for the password to access the Samba share. The dialogue box has the workstation name, backslash and the user account for the file server. I tried selecting to login with another account where I manually entered in the user account for the file server and password, but it won't accept it.

Samba version 4.6.2

Linux ourbox 3.10.0-693.2.2.el7.x86_64 #1 SMP Tue Sep 12 22:26:13 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

smb.conf:
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.

[global]
workgroup = WORKGROUP
server string = Samba Server %v
netbios name = OURBOX
security = user
map to guest = bad user
dns proxy = no
#============================ Share Definitions ============================== 
[OUR]
comment = OUR File Server
writable = yes
valid users = smbuser
path = /home/share
create mode = 0660
directory mode = 0770
browsable = yes
guest ok = no
read only = no

There isn't anything in the logs I can find that shows access being attempted. No error messages. The Windows workstations are being prompted for the password and it won't accept it.

I'd be happy to provide more details or do more trouble-shooting recommendations.

Best Answer

I got this solved by adding this to the smb.conf in Global:

ntlm auth = yes

I read the release news for Samba 4.6.2 which states:

"To improve security, the NT LAN manager version 1 (NTLMv1) protocol is now disabled by default. If you require the insecure NTLMv1 protocol, set the ntlm auth parameter in the /etc/samba/smb.conf file to yes."

However, there appears to be a way on the individual Windows 7 workstation to configure it to support NTLMv2 protocol, that I've read here, and just tested it. This did NOT work. I ended up making the change to the smb.conf file as I indicated above and that works. No idea why the changes to the Windows 7 workstation following the directions in the link below didn't work. If you attempt the instructions in the link, make sure you take screenshots of the options, so you can put them back if they don't work for you either:

https://support.symantec.com/en_US/article.TECH132917.html

Related Topic