SOLVED Unable to authenticate to SMB share from one particular server

[KavNas]

hi everyone,

Running: FreeNAS-11.2-U4.1 as a VM on ESXi

I have created an SMB share and it works fine, I can browse and authenticate to the share from my PC and my DC server, however my DNS server fails to authenticate with the same credentials. Driving me mad, cant understand why. Is there any logging on the FreeNAS side that can shine some light on the issue?

 

[dlavigne]

Which OS and version on the system that fails?

 

[KavNas]

both the DC (works) and the DNS (doesnt work) server are Windows Server 2012 R2.

 

[anodos]

/var/log/samba4/log.smbd would probably be a good place to start. Logging verbosity is controlled under Services->SMB.

 

[KavNas]

This is whats appearing in the log:
root@freenas[~]# tail /var/log/samba4/log.smbd
{"timestamp": "2019-06-03T20:32:13.237396-0700", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_WRONG_PASSWORD", "localAddress": "ipv4:192.168.100.21:445", "remoteAddress": "ipv4:192.168.100.7:52539", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "CLEANED", "clientAccount": "backup", "workstation": "DNS", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "backup", "mappedDomain": "CLEANED", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv1", "duration": 5517}}
[2019/06/03 20:32:13.963595, 2] ../source3/param/loadparm.c:2815(lp_do_section)
Processing section "[Backup]"
[2019/06/03 20:32:13.965085, 2] ../libcli/auth/ntlm_check.c:430(ntlm_password_check)
ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user backup
[2019/06/03 20:32:13.965775, 2] ../source3/auth/auth.c:334(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [backup] -> [backup] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
[2019/06/03 20:32:13.965865, 2] ../auth/auth_log.c:610(log_authentication_event_human_readable)
Auth: [SMB2,(null)] user [CLEANED]\[backup] at [Mon, 03 Jun 2019 20:32:13.965845 PDT] with [NTLMv1] status [NT_STATUS_WRONG_PASSWORD] workstation [DNS] remote host [ipv4:192.168.100.7:52541] mapped to [CLEANED]\[backup]. local host [ipv4:192.168.100.21:445]
{"timestamp": "2019-06-03T20:32:13.966222-0700", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_WRONG_PASSWORD", "localAddress": "ipv4:192.168.100.21:445", "remoteAddress": "ipv4:192.168.100.7:52541", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "CLEANED", "clientAccount": "backup", "workstation": "DNS", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "backup", "mappedDomain": "CLEANED", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv1", "duration": 5625}}

 

[KavNas]

Conversely when I open the share successfully on another machine it does this:
[2019/06/03 21:25:52.235161, 2] ../source3/auth/auth.c:316(auth_check_ntlm_password)
check_ntlm_password: authentication for user [backup] -> [backup] -> [backup] succeeded
[2019/06/03 21:25:52.321121, 1] ../source3/printing/printer_list.c:234(printer_list_get_last_refresh)
Failed to fetch record!
[2019/06/03 21:25:52.321246, 1] ../source3/smbd/server_reload.c:64(delete_and_reload_printers)
pcap cache not loaded
[2019/06/03 21:25:52.553563, 2] ../source3/smbd/service.c:849(make_connection_snum)
pc04 (ipv4:192.168.100.230:52637) connect to service Backup initially as user backup (uid=1000, gid=1000) (pid 59337)
[2019/06/03 21:26:07.176895, 2] ../source3/smbd/service.c:1129(close_cnum)
pc04 (ipv4:192.168.100.230:52637) closed connection to service Backup

 

[anodos]

Code:

, "passwordType": "NTLMv1"

Check the 'allow ntlmv1' checkbox under Services->SMB, or fix your Windows client so that it's not using NTLMv1. The latter is the preferred fix, the former may be fine in a home environment.

 

[KavNas]

Thanks for the help. Managed to track down a local policy that was causing the issue:
Computer config\Windows Settings\Security Settings\Local Policies\Security Options\Network security: LAN Manager authentication level

This was never set manually so its quite unusual. Have forced ntlmv2 auth and its working now :)