Windows 7 too secure for old Samba software
I am using an old version of Samba on a QNX 4 system to access shared folders on a Windows system. Unfortunately, it is not possible to upgrade the Samba software. Everything has worked fine for years with Windows 95, 2000 and XP, but I cannot get it to work with Windows 7 Home Premium :-(My Advanced Sharing Settings are: Network Discovery - on File and Printer Sharing - on Public Folder Sharing - off File Sharing For Devices Using 40 or 56 Bit Encryption - on Password Protected Sharing - on Use user Accounts and Passwords To Connect To Other ComputersSecurity settings for the shared folder - the remote user has Allow for everythingAdvanced Sharing - caching - not available offline - permissions - the remote user has Allow for everythingThere is a Standard user with a name and password matching the remote user information created.Using this user/password combination from a Windows XP system, I can access the share on the Windows 7 system.So the issue has to be that the security protocols being used by Windows 7 are too advanced for the old Samba software.I have tried the following registry modification:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LsaCreated key LmCompatibilityLevelTried values of 1 and 0 (including rebooting)So far, no luck. What other registry changes are possible to dumb down the security ?Thanks !
January 7th, 2010 11:31pm

I am on a private network, so I will settle for little security and something that works.I am totally stuck with Samba 2.0.7 on QNX4 - very old.smbclient -L WindowsXPThis works fine to a Windows XP system and shows the list of shares.smbclient -L Windows7This fails to the Windows 7 Home Premium system. ERRDOS - ERRunsup (The operation is unsupported).smbclient -U user //Windows7/share - does connect and work, providing access to the share for manual file transfers.SMBfsys &user_smb user 'password'mount_smb //Windows7/share /mountpoint - this fails permission deniedBut I am wondering whether this message is bogus if SMBfsys is unable to query for the share.
Free Windows Admin Tool Kit Click here and download it now
January 9th, 2010 12:41pm

Change the create mask and directory mask to 777 then you will be able to use it with no prolems. If you need a more secure setup visit my site and see the Ubuntu area. does you OS not use a directory for Samba under /etc?Vote if answered or helpful, I am running for Office (joke)! IT/Developer, Windows/Linux/Mainframe Server: ASRock P4-2GHz, 1.5 GB RAM, Linux Server, need IDE/SATA disks for my chess site Workstation: Asus M2NBP-VM CSM, Athlon64 X2 4200+ 65W CPU, 2GB RAM, x600, 320GB + 160G backup, Windows 7 Ultimate x64.
January 15th, 2010 4:42pm

I tried changing the mask values, but it still fails, as I expected. The mask values relate to Windows accessing shares on the QNX system. The problem I am having is with the QNX system mounting shares on the Windows 7 system.I type the following on the QNX system, to troubleshoot QNX failing to mount the Windows shares: smbclient -L WindowsXP This works fine to a Windows XP system and shows the list of shares. smbclient -L Windows7 This fails to the Windows 7 Home Premium system. ERRDOS - ERRunsup (The operation is unsupported).
Free Windows Admin Tool Kit Click here and download it now
January 18th, 2010 11:32pm

I use the Ubuntu distribution and it has a more recent version of SAMBA that I use in my shop. Visit samba.org and read the manual there, and see if there is anything in there that is helpful. Windows will use the Linux security as the underlying file system is whatever QNX is using. On my server that would be ext4. SAMBA sets the file permissions to whatever are stated in the smb,conf file plain and simple.Vote if answered or helpful, I am running for Office (joke)! IT/Developer, Windows/Linux/Mainframe Server: ASRock P4-2GHz, 1.5 GB RAM, Linux Server, need IDE/SATA disks for my chess site Workstation: Asus M2NBP-VM CSM, Athlon64 X2 4200+ 65W CPU, 2GB RAM, x600, 320GB + 160G backup, Windows 7 Ultimate x64.
January 18th, 2010 11:42pm

Just a point here, but the OP says he is accessing 7 FROM *nix. In this case the smb.conf is not involved. That is for the *nix server process. With an old samba client, your problem most likely relates to communications-signing. 1: Disable SMB2 on the 7 box if you haven't already. It's buggy. And exploitable! 2: in the group policy editor (gpedit.msc) turn off the policy which enforces "Always sign communications" Windows Settings/Local Policies/Security Options: Digitally sign server communication (Always) >Disabled. (I think the latter may be equivalent to the registry key you changed. Give it a try anyway.)
Free Windows Admin Tool Kit Click here and download it now
January 19th, 2010 3:54am

Just a point here, but the OP says he is accessing 7 FROM *nix. In this case the smb.conf is not involved. That is for the *nix server process. With an old samba client, your problem most likely relates to communications-signing. 1: Disable SMB2 on the 7 box if you haven't already. It's buggy. And exploitable! 2: in the group policy editor (gpedit.msc) turn off the policy which enforces "Always sign communications" Windows Settings/Local Policies/Security Options: Digitally sign server communication (Always) >Disabled. (I think the latter may be equivalent to the registry key you changed. Give it a try anyway.) The OP stated explicitly that he cannot upgrade for an unstated reason. The OP is using QNX which is a very old distribution. Vote if answered or helpful, I am running for Office (joke)! IT/Developer, Windows/Linux/Mainframe Server: ASRock P4-2GHz, 1.5 GB RAM, Linux Server, need IDE/SATA disks for my chess site Workstation: Asus M2NBP-VM CSM, Athlon64 X2 4200+ 65W CPU, 2GB RAM, x600, 320GB + 160G backup, Windows 7 Ultimate x64.
January 19th, 2010 9:41pm

..and your point? BTW, setting 777 permissions on a unix filesystem is inadvisable if the box has any Internet-visible services. 770 is safer.
Free Windows Admin Tool Kit Click here and download it now
January 20th, 2010 3:19am

770 is not much help with QNX.Vote if answered or helpful, I am running for Office (joke)! IT/Developer, Windows/Linux/Mainframe Server: ASRock P4-2GHz, 1.5 GB RAM, Linux Server, need IDE/SATA disks for my chess site Workstation: Asus M2NBP-VM CSM, Athlon64 X2 4200+ 65W CPU, 2GB RAM, x600, 320GB + 160G backup, Windows 7 Ultimate x64.
January 20th, 2010 3:40am

the OP asked : What other registry changes are possible to dumb down the security ? In a related note, what other legacy support was turned off in windows 7 networking?I'm having a similar issue that I've narrowed down to shares on a windows 7 system. Something in that final packet sent back to the NON MICROSOFT SMB CLIENT is not being read correctly, and it's something that even Windows XP manages to do correctly out of the box.Oh, and that NON-MICROSOFT product is still working with XP shares.Either:It's busted because it's coded wrong in windows 7 orIt defaults to being incompatible with legacy clients in the policy settings, such as compelling NTLM v2 client support is now the default in windows 7.
Free Windows Admin Tool Kit Click here and download it now
January 24th, 2010 3:50pm

The OP is using QNX which is a Linux distribution. The SAMBA package manages the security, not Windows which is only a client.Vote if answered or helpful, I am running for Office (joke)! IT/Developer, Windows/Linux/Mainframe RaidMax Smilodon, 680W, Asus M2NBP-VM CSM AMD X2 4200+, 2GB DDR2-800, x600, more details on my site
January 24th, 2010 4:08pm

I resolved my issue by uninstalling Windows Live sign in assistant on the windows 7 system. Go figure. Found it in an xbox media center thread. Tried it because nothing else has worked so far, and voila.Regardless, I read his issue as being one of accessing shares on windows 7 from QNX as a client.The samba spec does include a smb client running on linux, but he may be mistaken thinking that his implementation of samba includes using it to access windows shares.
Free Windows Admin Tool Kit Click here and download it now
January 25th, 2010 8:34pm

You might want to use a new server beside the QNX box and migrate to a more popular distribution such as Ubuntu. I use the latest versions of SAMBA and it can be a full domain controller if you need one. Vote if answered or helpful, I am running for Office (joke)! IT/Developer, Windows/Linux/Mainframe RaidMax Smilodon, 680W, Asus M2NBP-VM CSM AMD X2 4200+, 2GB DDR2-800, x600, more details on my site
January 25th, 2010 11:43pm

Thanks for this post. I have nearly the opposite problem. Samba 2.0.2 server with a Win 7 client but with the same issue I found the following worked; I added item 3 and I think section 2 may not be required as I think you may have typo'd 1) in hklm\system\currentcontrolset\control\lsa, created LmCompatibilityLevel = dword "1", changed NoLmHash from "0" to "1" 2) in hklm\software\policies\microsoft created key netlogon in hklm\software\policies\microsoft\netlogon created key Paramaters in hklm\software\policies\microsoft\netlogon\paramaters created AllowNT4Crypto = dword "1" 3) in hklm\system\currentcontrolset\services\netlogon\paramaters created AllowNT4Crypto = dword "1" 4) in hklm\system\currentcontrolset\services\lanmanserver\paramaters requiresecuritysignature was already = dword "0" Anyway, it works now and it didn't before. Gareth
Free Windows Admin Tool Kit Click here and download it now
March 23rd, 2010 2:35pm

I searched my registry to confirm. I have:HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters"AllowNT4Crypto" as a dword with a value of 1 I think that is what fixed it for me.
March 23rd, 2010 4:10pm

hello, I m having the same problem with samba 2.0.7, it does not connect with windows 7 ultimate. I tried all the posibilities mentioned by you but still haven't got through. Here is my smb.conf # Samba config file created using SWAT # from frbnotebook (192.168.152.90) # Date: 2005/07/12 16:02:07 # Global parameters [global] netbios name = MACHINE103 security = SHARE guest account = root [all] comment = all files on this computer path = / read only = No guest ok = Yes So please try to figure my problem ... Thanks, Maulik.
Free Windows Admin Tool Kit Click here and download it now
April 3rd, 2010 9:00am

After you make the registry change to set "NoLmHash" to 0, it is also important to change the password of the user account you are attempting to login as. By changing the password you ensure that the legacy lan manager password hash is generated and stored. The actual password doesn't have to change, you can use the same one, just make sure to go through the CTRL-ALT-DEL -> Change Password process. This made the difference for me, and I had a similar problem where a QNX system was trying to access windows file shares on Windows 7 & Vista with plain-text passwords. These are the steps I had to make to get it to work: Change the registry settings: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa "LmCompatibilityLevel"=dword:1 -allow older Lan manager style messages "NoLmHash"=dword:0 -store the older, less secure Lan Manager encrypted password Run "gpupdate /force" so these settings take effect. Change the password (to the same password) for the user(s) that need to connect.
December 16th, 2010 4:09pm

try using mount.cifs //ip/share /directory -o user=xxx,rw,pass=xxx
Free Windows Admin Tool Kit Click here and download it now
January 17th, 2012 4:01pm

Hello, I had the same problem: had to copy files from Windows 7 pro to samba 2.0.1 ... The solution here is: FTP. We made user to connect to the samba and it works fine. I hope it works for You too
June 28th, 2012 5:44am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics