Clients Win XP can't acess shared folders


(Wellington Rodrigues) #1

Hello guys.
I’m testing the nethserver for the future change Zentyal Server here in the company.

I am having an issue where Windows XP clients can not access the shared folders. When I try to access the address of the share is asking for username and password and does not access, back to user’s screen and password.
Using tail -f /var/log/messages, brings this information: domain_client_validate: unable to validate password for user caiof in domain DAMAPEL to Domain controller NSDC-PDC.PDC.LOCAL. Error was NT_STATUS_WRONG_PASSWORD.
This error only happens in Windows XP, in Win 7/10 it works fine.
This computer is in the domain and I had no problems in that part.
I am using version 7.4.1708 of NethServer. IP is
My server is configured local LDAP.

NetBIOS domain name: DAMAPEL
LDAP server:
LDAP server name: nsdc-pdc.pdc.local
Bind Path: dc = PDC, dc = LOCAL
LDAP port: 389
Server time: Mon, 22 Jan 2018 11:52:35 -02
KDC server:
Server time offset: 0
Last machine account password change: Mon, 22 Jan 2018 09:19:44 -02

Join is OK
name: PDC
objectSid: S-1-5-21-780926312-1224919296-4143783345-1104
accountExpires: 9223372036854775807
sAMAccountName: PDC $
pwdLastSet: 131610935837524920
dNSHostName: pdc.domain.local
servicePrincipalName: HOST / PDC
servicePrincipalName: HOST / pdc.domain.local
whenChanged: 20180122111948.0Z
lastLogon: 131611027556746350
distinguishedName: CN = PDC, CN = Computers, DC = Pdc, DC = Local

(Giacomo Sanchietti) #2

Samba 4.7 disabled support for NTLM v1 because it’s very insecure:

You should fix the client configuration, take a look here:

If the proposed solution doesn’t work, you could change the server configuration, but actually this is not documented. In this case, feel free to raise your hand again and we will publish the solution.

(Rob Bosch) #3

Let me be the smart ass to yell: update your Windows XP clients to a newer version of windows or (even better) a light Linux distribution (Xubuntu or something like that)
Running Win XP on networked clients is begging for trouble…
just my 2 ct

(Wellington Rodrigues) #4

Thanks for your help.
I fix it using the Policies in Windows XP, like the post you went through.

(And) #5

how you fix did it?

(Wellington Rodrigues) #6

In Windows XP access the:
Control Panel\Administrative Tools - Open Local Security Policy.
Menu Local Policies\Security Options. Search for and double click in Network security: LAN Manager authentication level. Select Send NTLMv2 response only.

Hope this helps.

(Mark Edworthy) #7

Without wanting to sound presumptuous, I am guessing that @robb has not considered various issues about running XP within a closed, secured LAN environment. Whilst XP has been discontinued and is not supported by any vendor or by Microsoft, this is not to say that XP should be ignored as a suitable OS for use within certain situations.

As an example, if (as I have mentioned above) XP is used within a closed local area network, with suitable security policies and procedures, as well as disabling various functions and services. Then XP can be considered as a suitable candidate for end-user production work.

I can see various reasons why running XP within an organisation could be suitable / necessary, these reasons include: the expanse (monitory and time resource) of implementing a new OS and / or replacement of workstations, overall polices and attitudes towards internal infrastructure, the further expense (again, monitory and time) of retraining end-users and existing technical staff or the upgrade / re-engineering of in-house produced software packages, frameworks or infrastructure.

(Rob Bosch) #8

@medworthy, I see your point and of course I can not look into the wallet of anyone sticking with WindowsXP on the desktop. However, I strongly believe that in the long run sticking with a deprecated piece of software, either OS or client software, will always be more expensive than current tech software.

(Giacomo Sanchietti) #9

Do you think that this solution should be added in the manual?

(Wellington Rodrigues) #10

If people are still using Windows XP, I think that would be a good idea.

(Markus Neuberger) #11

We also have this thread for such things:

(Mark Edworthy) #12

@giacomo & @Wellington_Rodrigues,
I agree, if other users are still using this OS, then it would be sensible to include a addendum which includes such information.

Also, as far @robb comment about the expense of updated software being more cost effective then using a deprecated version (within the long term). I am not sure that I can agree with this argument.

As I have already pointed out within my Cloud Computing article (URL provided below), there is a lot of applications that are starting to migrate to the providers “cloud” / SaaS framework and are being provided with a time based subscription modal (generally using a yearly subscription license).

This subscription modal could in reality become more expensive (over a period of time) when compared to a perpetual license agreement modal and the training requirement that may be needed.

(Markus Neuberger) #13

There may be cases where keeping old systems and old software makes sense but generally you should update to supported systems/software IMO. Keeping old software means building some workarounds for using them in a safe environment which also may be an effort of time and money.

(Wellington Rodrigues) #14

In my case, I work in a company that manufactures papers and one of the ‘machine’ makes communication via a Siemens’s software that runs only on Windows XP. :expressionless:
The company already has projects to upgrade but as it costs a bit expensive and just taking time.

(Markus Neuberger) #15

This is a typical case where you need to keep the old software but I think it’s easy to isolate as it’s usually just a connection between machine and xp box without needing internet connection.

(Giacomo Sanchietti) #16

I guess the best point to add such information in the manual is under this section:

Or we can add another general section named “Windows clients” inside the “Users and groups” chapter.

@Wellington_Rodrigues would you give it a try?

(Michael Kicks) #17

IMO, it’s a part of Samba Local provider.
It explains how to connect some clients to this service, expecially the checklist for troubleshooting connection…

(Mark Edworthy) #18

On a slight tangent and to provide an example of why upgrading software or the operating system is not always a good idea, I am providing a link to a YouTube video which examines related issues surrounding Apple products and their operating systems upgrades.