Windows 7 too secure for old Samba software
I am using an old version of Samba on a QNX 4 system to access shared folders on a Windows system. Unfortunately, it is not possible to upgrade the Samba software. Everything has worked fine for years with Windows 95, 2000 and XP, but I cannot get it to work with Windows 7 Home Premium :-(My Advanced Sharing Settings are: Network Discovery - on File and Printer Sharing - on Public Folder Sharing - off File Sharing For Devices Using 40 or 56 Bit Encryption - on Password Protected Sharing - on Use user Accounts and Passwords To Connect To Other ComputersSecurity settings for the shared folder - the remote user has Allow for everythingAdvanced Sharing - caching - not available offline - permissions - the remote user has Allow for everythingThere is a Standard user with a name and password matching the remote user information created.Using this user/password combination from a Windows XP system, I can access the share on the Windows 7 system.So the issue has to be that the security protocols being used by Windows 7 are too advanced for the old Samba software.I have tried the following registry modification:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LsaCreated key LmCompatibilityLevelTried values of 1 and 0 (including rebooting)So far, no luck. What other registry changes are possible to dumb down the security ?Thanks !
January 8th, 2010 7:31am

I use SAMBA but I am using the Ubuntu distribution and the latest versions. I have no problems with DOS up. What level of security do you need? SAMBA can act as an active domain server if needed.Vote if answered or helpful, I am running for Office (joke)! IT/Developer, Windows/Linux/Mainframe Server: ASRock P4-2GHz, 1.5 GB RAM, Linux Server, need IDE/SATA disks for my chess site Workstation: Asus M2NBP-VM CSM, Athlon64 X2 4200+ 65W CPU, 2GB RAM, x600, 320GB + 160G backup, Windows 7 Ultimate x64.
Free Windows Admin Tool Kit Click here and download it now
January 9th, 2010 3:44am

I am on a private network, so I will settle for little security and something that works.I am totally stuck with Samba 2.0.7 on QNX4 - very old.smbclient -L WindowsXPThis works fine to a Windows XP system and shows the list of shares.smbclient -L Windows7This fails to the Windows 7 Home Premium system. ERRDOS - ERRunsup (The operation is unsupported).smbclient -U user //Windows7/share - does connect and work, providing access to the share for manual file transfers.SMBfsys &user_smb user 'password'mount_smb //Windows7/share /mountpoint - this fails permission deniedBut I am wondering whether this message is bogus if SMBfsys is unable to query for the share.
January 9th, 2010 8:41pm

I suggest posting you entire smb.conf file so I can see what changes, if any, are needed. It is located in /etx/samba/smb.conf Vote if answered or helpful, I am running for Office (joke)! IT/Developer, Windows/Linux/Mainframe Server: ASRock P4-2GHz, 1.5 GB RAM, Linux Server, need IDE/SATA disks for my chess site Workstation: Asus M2NBP-VM CSM, Athlon64 X2 4200+ 65W CPU, 2GB RAM, x600, 320GB + 160G backup, Windows 7 Ultimate x64.
Free Windows Admin Tool Kit Click here and download it now
January 9th, 2010 10:50pm

Ok. Here is my config file. Note that it has been unchanged for more than a decade. The printers are no longer connected to the QNX system.smbclient -L Windows7 fails, so the QNX system cannot get a list of the shares available on the Windows 7 system.What has changed about the ability to list shares on Windows 7 compared to Windows XP ?Thanks !; /etc/smb.conf[global] netbios name = mercury load printers = yes printing = qnx security = user revalidate = no username map = /etc/smb.map encrypt passwords = yes workgroup = WORKGROUP guest account = nobody lock directory = /tmp/spool/smbd message command = popmsg %s & interfaces 192.168.1.101/24 log file = /syslog/smbd browseable = yes status = yes dead time = 15 keep alive = 300 local master = no preferred master = no remote announce = 192.168.1.255/WORKGROUP [printers] path = /tmp/spool/smbd writeable = no printable = yes read only =yes public = yes guest ok = yes print command = /bin/cp %s /pr/smb; rm %s lpq command = /usr/ucb/lprq -P %p [homes] vaid users = Mercury writeable = yes browseable = no create mask = 0600 directory mask = 0700
January 16th, 2010 12:37am

Change the create mask and directory mask to 777 then you will be able to use it with no prolems. If you need a more secure setup visit my site and see the Ubuntu area. does you OS not use a directory for Samba under /etc?Vote if answered or helpful, I am running for Office (joke)! IT/Developer, Windows/Linux/Mainframe Server: ASRock P4-2GHz, 1.5 GB RAM, Linux Server, need IDE/SATA disks for my chess site Workstation: Asus M2NBP-VM CSM, Athlon64 X2 4200+ 65W CPU, 2GB RAM, x600, 320GB + 160G backup, Windows 7 Ultimate x64.
Free Windows Admin Tool Kit Click here and download it now
January 16th, 2010 12:42am

I tried changing the mask values, but it still fails, as I expected. The mask values relate to Windows accessing shares on the QNX system. The problem I am having is with the QNX system mounting shares on the Windows 7 system.I type the following on the QNX system, to troubleshoot QNX failing to mount the Windows shares: smbclient -L WindowsXP This works fine to a Windows XP system and shows the list of shares. smbclient -L Windows7 This fails to the Windows 7 Home Premium system. ERRDOS - ERRunsup (The operation is unsupported).
January 19th, 2010 7:32am

I use the Ubuntu distribution and it has a more recent version of SAMBA that I use in my shop. Visit samba.org and read the manual there, and see if there is anything in there that is helpful. Windows will use the Linux security as the underlying file system is whatever QNX is using. On my server that would be ext4. SAMBA sets the file permissions to whatever are stated in the smb,conf file plain and simple.Vote if answered or helpful, I am running for Office (joke)! IT/Developer, Windows/Linux/Mainframe Server: ASRock P4-2GHz, 1.5 GB RAM, Linux Server, need IDE/SATA disks for my chess site Workstation: Asus M2NBP-VM CSM, Athlon64 X2 4200+ 65W CPU, 2GB RAM, x600, 320GB + 160G backup, Windows 7 Ultimate x64.
Free Windows Admin Tool Kit Click here and download it now
January 19th, 2010 7:42am

Just a point here, but the OP says he is accessing 7 FROM *nix. In this case the smb.conf is not involved. That is for the *nix server process. With an old samba client, your problem most likely relates to communications-signing. 1: Disable SMB2 on the 7 box if you haven't already. It's buggy. And exploitable! 2: in the group policy editor (gpedit.msc) turn off the policy which enforces "Always sign communications" Windows Settings/Local Policies/Security Options: Digitally sign server communication (Always) >Disabled. (I think the latter may be equivalent to the registry key you changed. Give it a try anyway.)
January 19th, 2010 11:54am

Just a point here, but the OP says he is accessing 7 FROM *nix. In this case the smb.conf is not involved. That is for the *nix server process. With an old samba client, your problem most likely relates to communications-signing. 1: Disable SMB2 on the 7 box if you haven't already. It's buggy. And exploitable! 2: in the group policy editor (gpedit.msc) turn off the policy which enforces "Always sign communications" Windows Settings/Local Policies/Security Options: Digitally sign server communication (Always) >Disabled. (I think the latter may be equivalent to the registry key you changed. Give it a try anyway.) The OP stated explicitly that he cannot upgrade for an unstated reason. The OP is using QNX which is a very old distribution. Vote if answered or helpful, I am running for Office (joke)! IT/Developer, Windows/Linux/Mainframe Server: ASRock P4-2GHz, 1.5 GB RAM, Linux Server, need IDE/SATA disks for my chess site Workstation: Asus M2NBP-VM CSM, Athlon64 X2 4200+ 65W CPU, 2GB RAM, x600, 320GB + 160G backup, Windows 7 Ultimate x64.
Free Windows Admin Tool Kit Click here and download it now
January 20th, 2010 5:41am

..and your point? BTW, setting 777 permissions on a unix filesystem is inadvisable if the box has any Internet-visible services. 770 is safer.
January 20th, 2010 11:19am

770 is not much help with QNX.Vote if answered or helpful, I am running for Office (joke)! IT/Developer, Windows/Linux/Mainframe Server: ASRock P4-2GHz, 1.5 GB RAM, Linux Server, need IDE/SATA disks for my chess site Workstation: Asus M2NBP-VM CSM, Athlon64 X2 4200+ 65W CPU, 2GB RAM, x600, 320GB + 160G backup, Windows 7 Ultimate x64.
Free Windows Admin Tool Kit Click here and download it now
January 20th, 2010 11:40am

the OP asked : What other registry changes are possible to dumb down the security ? In a related note, what other legacy support was turned off in windows 7 networking?I'm having a similar issue that I've narrowed down to shares on a windows 7 system. Something in that final packet sent back to the NON MICROSOFT SMB CLIENT is not being read correctly, and it's something that even Windows XP manages to do correctly out of the box.Oh, and that NON-MICROSOFT product is still working with XP shares.Either:It's busted because it's coded wrong in windows 7 orIt defaults to being incompatible with legacy clients in the policy settings, such as compelling NTLM v2 client support is now the default in windows 7.
January 24th, 2010 11:50pm

The OP is using QNX which is a Linux distribution. The SAMBA package manages the security, not Windows which is only a client.Vote if answered or helpful, I am running for Office (joke)! IT/Developer, Windows/Linux/Mainframe RaidMax Smilodon, 680W, Asus M2NBP-VM CSM AMD X2 4200+, 2GB DDR2-800, x600, more details on my site
Free Windows Admin Tool Kit Click here and download it now
January 25th, 2010 12:08am

I resolved my issue by uninstalling Windows Live sign in assistant on the windows 7 system. Go figure. Found it in an xbox media center thread. Tried it because nothing else has worked so far, and voila.Regardless, I read his issue as being one of accessing shares on windows 7 from QNX as a client.The samba spec does include a smb client running on linux, but he may be mistaken thinking that his implementation of samba includes using it to access windows shares.
January 26th, 2010 4:34am

You might want to use a new server beside the QNX box and migrate to a more popular distribution such as Ubuntu. I use the latest versions of SAMBA and it can be a full domain controller if you need one. Vote if answered or helpful, I am running for Office (joke)! IT/Developer, Windows/Linux/Mainframe RaidMax Smilodon, 680W, Asus M2NBP-VM CSM AMD X2 4200+, 2GB DDR2-800, x600, more details on my site
Free Windows Admin Tool Kit Click here and download it now
January 26th, 2010 7:43am

I finally got it working, so I thought I would post what I did here in case it is of assistance to someone else.Just to clarify, QNX is _not_ a Linux distribution. QNX is a POSIX-compliant (meaning it looks just like UNIX), realtime operating system. It is commonly used for process control, industrial automation, medical systems etc. I am using a really old version that is impractical to upgrade due to a huge porting effort for many different applications, including Samba.I am using Samba backwards to the way most people think of it. QNX added to the old version of Samba with a utility called SMBfsys, which allows mounting Windows shared folders and printers so they can be accessed by applications on the QNX system. So a QNX executable can modify files on drive C: and print to Windows printers and so on. Samba can still be used in the normal sense to allow Windows users to access files on the QNX system, but that is not how I am using it (and at this point, it only works with Windows XP and earlier, but I am not troubleshooting it).I finally solved the problem by using Wireshark to analyze the packets. It is pretty good at displaying the message content. It turned out that the old version of Samba was sending a Lan Manager encrypted password, but Windows 7 didn't have a copy to compare that with, so it produced a permission denied error.Windows Home Premium does NOT include the group policy manager, so everything must be done with registry modifications. Good luck to typical home users that might ever try to connect a Windows 95 computer to Windows 7 !The following registry settings were needed:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"LmCompatibilityLevel"=dword:1 -allow older Lan manager style messages"NoLmHash"=dword:0 -store the older, less secure Lan Manager encrypted passwordHKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters"AllowNT4Crypto"=dword:1 -allow less secure encrypted passwords (intermediate keys must be created)HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters"RequireSecuritySignature"=dword:0 -don't require new message signaturesThis value may have already existed, I don't remember
February 2nd, 2010 6:48pm

I use the Ultimate version of everything as I need the corporate features. I still suggest using Linux and migrate to a new safer platform for shared files, such as web appliance etc.Vote if answered or helpful, I am running for Office (joke)! IT/Developer, Windows/Linux/Mainframe RaidMax Smilodon, 680W, Asus M2NBP-VM CSM AMD X2 4200+, 2GB DDR2-800, x600, more details on my site, need a video card for the Windows machine, the 8600 GT fried
Free Windows Admin Tool Kit Click here and download it now
February 2nd, 2010 6:53pm

Thanks for this post. I have nearly the opposite problem. Samba 2.0.2 server with a Win 7 client but with the same issue I found the following worked; I added item 3 and I think section 2 may not be required as I think you may have typo'd 1) in hklm\system\currentcontrolset\control\lsa, created LmCompatibilityLevel = dword "1", changed NoLmHash from "0" to "1" 2) in hklm\software\policies\microsoft created key netlogon in hklm\software\policies\microsoft\netlogon created key Paramaters in hklm\software\policies\microsoft\netlogon\paramaters created AllowNT4Crypto = dword "1" 3) in hklm\system\currentcontrolset\services\netlogon\paramaters created AllowNT4Crypto = dword "1" 4) in hklm\system\currentcontrolset\services\lanmanserver\paramaters requiresecuritysignature was already = dword "0" Anyway, it works now and it didn't before. Gareth
March 23rd, 2010 9:35pm

I searched my registry to confirm. I have:HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters"AllowNT4Crypto" as a dword with a value of 1 I think that is what fixed it for me.
Free Windows Admin Tool Kit Click here and download it now
March 23rd, 2010 11:10pm

hello, I m having the same problem with samba 2.0.7, it does not connect with windows 7 ultimate. I tried all the posibilities mentioned by you but still haven't got through. Here is my smb.conf # Samba config file created using SWAT # from frbnotebook (192.168.152.90) # Date: 2005/07/12 16:02:07 # Global parameters [global] netbios name = MACHINE103 security = SHARE guest account = root [all] comment = all files on this computer path = / read only = No guest ok = Yes So please try to figure my problem ... Thanks, Maulik.
April 3rd, 2010 4:00pm

After you make the registry change to set "NoLmHash" to 0, it is also important to change the password of the user account you are attempting to login as. By changing the password you ensure that the legacy lan manager password hash is generated and stored. The actual password doesn't have to change, you can use the same one, just make sure to go through the CTRL-ALT-DEL -> Change Password process. This made the difference for me, and I had a similar problem where a QNX system was trying to access windows file shares on Windows 7 & Vista with plain-text passwords. These are the steps I had to make to get it to work: Change the registry settings: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa "LmCompatibilityLevel"=dword:1 -allow older Lan manager style messages "NoLmHash"=dword:0 -store the older, less secure Lan Manager encrypted password Run "gpupdate /force" so these settings take effect. Change the password (to the same password) for the user(s) that need to connect.
Free Windows Admin Tool Kit Click here and download it now
December 17th, 2010 12:09am

Sorry to everyone that posted before me, and, Sorry to be resurecting such and old post, but I just HAD to do it. Did any of these people that replied to this post actually read what was written? I have to wonder... " I am using an old version of Samba on a QNX 4 system to access shared folders on a Windows system " AND..... " Public Folder Sharing - off" on the above mentions windows share EQUALS.... NO CONNECTION. How many people attempted to answer what they thought was the question? Why didn't they just read the question and say... Please turn on public folder shareing if you want that folder to be seen by a unix box... sheesh... So much work to answer the wrong question.
January 15th, 2012 1:29am

try using mount.cifs //ip/share /directory -o user=xxx,rw,pass=xxx
Free Windows Admin Tool Kit Click here and download it now
January 18th, 2012 3:54pm

Hello, I had the same problem: had to copy files from Windows 7 pro to samba 2.0.1 ... The solution here is: FTP. We made user to connect to the samba and it works fine. I hope it works for You too
June 28th, 2012 5:54am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics