I am having difficulties connecting one of my computer to my Openwrt NAS using Samba.
OpenWRT is installed on MB Live NAS, it's running Samba and lets call it nas1. My network includes nas1 with OpenWRT and also nas2 with the original MB Live WD software. It also includes Computer11 which runs W11 and Computer7 which runs W7.
Computer11 accesses both nas1 and nas2 from Windows Explorer. Everything is fine from this side.
Computer7 accesses nas2 (running original WD software) with no problem from Windows Explorer and from the Web access. This also works ok. Computer7 accesses nas1 from the web interface OK. However, when I try accessing nas1 from Windows Explorer, I keep getting a logon failure: unknown user name or bad password.
User name includes the ip address as domain: 192.xxx.xxx.20\userid. User name and password are the same I am using with Computer11. I suspect a difference between W7 and W11 but I am running short of ideas after trying different solutions found. What do I miss? What am I doing incorrectly?
Help would be greatly appreciated.
---------- Update ---------- Update ---------- Update ----------
I tried accessing from a third computer also running W7 and I get the same error. Could be a difference between W7 and W11 or my W11 computer has a parameters that would differ from my other computers.
As I continue investigating to find a solution, I connect two other W7 computers. One was able to access nas1 and nas2 with no problem. The second had the same issue: cannot access nas1 through Samba because cannot connect (Unknown username or bad password). Because at least one W7 computer can access nas1, the issue is likely to be in a parameter, but I can't find witch one. Any idea??
I will begin by mentioning I did tried numerous solutions found on various forum. In my specific case, what work is this:
On the client computer that could get the username & password recognised, I used regedit to delete the following regkey entry (dword):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Control\Lsa > LmCompatibilityLevel.
I reboot my computer and voilĂ !, the authentication worked like a charm.
This solution worked with Windows 7 computers but I suspect it would also work under Windows 10 and 11.
Its a problematik registry area. I am not sure, what the last XP hotfixes had added as default. I would recommend to test, if deleting the key actually defaults to "0" , as this would reenable ancient and sec-problematic LM protocol.
learn.microsoft.com lmcomp default values, but I would not count on that without test verification, there may have been undocumented patches provided after that that redefined the default.
In case it defaults to 0, you had just reenabled a 30 year old security protocol and probably this is because one of your NASes has a samba server that is an outdated version or has outdated config.
So be careful with this key. I would refrain from messing with that key, except if you understand what you are doing.
It is still great that you were able to narrow down the problem (most people are not that capable to reach that goal), but you had stopped midway and choose one freeway ramp off too early. A correct next step is now, to find out, if you just lowered a good security setting or if you should rather need to move to a more secure and recent samba version or a more secure samba config.
Thank you Pico. This is highly pertinent information.
From my observation, Windows 10 default is "not assigned", meaning the regkey is absent. From readings on MS sites, it defaults to Send NTLMv2 authentication only (Level 3). I also tried with Send NTLMv2 authentication only (Level 3) and got same results as with no key.
Thank you also for raising the "age" issue of the NAS software. In this particular case, it is the most recent version of OpenWRT running Samba4. Should you have any advice or suggestions, I would be more than happy to learn more. My IT expertise in this particular area is very limited.