Config for Samba to allow login Windows XP

Today I found a solution for Samba 4.6.2 in Centos 7.4 for all versions of Windows from 7 upwards are able to connect less Windows XP.

Word in smb.conf

lanman auth = yes
ntlm auth = yes

That’s how the config looks:

[global]
workgroup = SAMBA
server string = Samba
netbios name = Samba
interfaces = 192.168.22.250/24 192.168.0.250/24
hosts allow = 127. 192.168.22. 192.168.0.
max protocol = SMB2
socket options = TCP_NODELAY
read raw = no
log file = /var/log/samba/log.%m
max log size = 500

lanman auth = yes
ntlm auth = yes

security = user
map to guest = bad user

passdb backend = tdbsam

local master = yes
os level = 255
preferred master = yes
printing = cups
printcap name = cups
load printers = no
cups options = bsd

I think this information will help you if you have Windows XP computers on your network.

7 thoughts on “Config for Samba to allow login Windows XP”

  1. Thanks very much!
    I found the reason here but don’t know why the samba developers make the change:
    ntlm auth (G)

    This parameter determines whether or not smbd(8) will attempt to authenticate users using the NTLM encrypted password response. If disabled, either the lanman password hash
    or an NTLMv2 response will need to be sent by the client.

    If this option, and lanman auth are both disabled, then only NTLMv2 logins will be permited. Not all clients support NTLMv2, and most will require special configuration to
    use it.

    The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x.

    The default changed from “yes” to “no” with Samba 4.5.

    Default: ntlm auth = no

    Your solution works !
    And we can also change the LAN Manager settings to ntlmv2 in Windows XP to get connected!

  2. Hi! On Ubuntu 18.04 samba 4.7.6 if I enable theese lines, all my windows guests get the share without password!
    this is the result of tesparm -a

    Load smb config files from /etc/samba/smb.conf
    rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
    Processing section “[printers]”
    Processing section “[print$]”
    Loaded services file OK.
    Server role: ROLE_STANDALONE

    Press enter to see a dump of your service definitions

    # Global parameters
    [global]
    dns proxy = No
    lanman auth = Yes
    log file = /var/log/samba/log.%m
    logging = syslog@2 /var/log/samba/log.%m
    map to guest = Bad User
    max log size = 1000
    ntlm auth = ntlmv1-permitted
    obey pam restrictions = Yes
    pam password change = Yes
    panic action = /usr/share/samba/panic-action %d
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    passwd program = /usr/bin/passwd %u
    security = USER
    server max protocol = SMB2
    server role = standalone server
    server string = %h
    unix password sync = Yes
    usershare allow guests = Yes
    usershare owner only = No
    workgroup = MGS
    idmap config * : backend = tdb

    [printers]
    browseable = No
    comment = All Printers
    create mask = 0700
    path = /var/spool/samba
    printable = Yes

    [print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers

  3. forget it, I was testing from a virtual machine from the same host, that will allways work without password!

    Tested from W7 laptop and is asking password just fine

Leave a Reply

Your email address will not be published. Required fields are marked *

1 + 9 =


This site uses Akismet to reduce spam. Learn how your comment data is processed.