Config for Samba to allow login Windows XP

Today I found a solution for Samba 4.6.2 in Centos 7.4 for all versions of Windows from 7 upwards are able to connect less Windows XP.

Word in smb.conf

lanman auth = yes
ntlm auth = yes

That’s how the config looks:

workgroup = SAMBA
server string = Samba
netbios name = Samba
interfaces =
hosts allow = 127. 192.168.22. 192.168.0.
max protocol = SMB2
socket options = TCP_NODELAY
read raw = no
log file = /var/log/samba/log.%m
max log size = 500

lanman auth = yes
ntlm auth = yes

security = user
map to guest = bad user

passdb backend = tdbsam

local master = yes
os level = 255
preferred master = yes
printing = cups
printcap name = cups
load printers = no
cups options = bsd

I think this information will help you if you have Windows XP computers on your network.

14 thoughts on “Config for Samba to allow login Windows XP”

  1. Thanks very much!
    I found the reason here but don’t know why the samba developers make the change:
    ntlm auth (G)

    This parameter determines whether or not smbd(8) will attempt to authenticate users using the NTLM encrypted password response. If disabled, either the lanman password hash
    or an NTLMv2 response will need to be sent by the client.

    If this option, and lanman auth are both disabled, then only NTLMv2 logins will be permited. Not all clients support NTLMv2, and most will require special configuration to
    use it.

    The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x.

    The default changed from “yes” to “no” with Samba 4.5.

    Default: ntlm auth = no

    Your solution works !
    And we can also change the LAN Manager settings to ntlmv2 in Windows XP to get connected!

  2. Hi! On Ubuntu 18.04 samba 4.7.6 if I enable theese lines, all my windows guests get the share without password!
    this is the result of tesparm -a

    Load smb config files from /etc/samba/smb.conf
    rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
    Processing section “[printers]”
    Processing section “[print$]”
    Loaded services file OK.
    Server role: ROLE_STANDALONE

    Press enter to see a dump of your service definitions

    # Global parameters
    dns proxy = No
    lanman auth = Yes
    log file = /var/log/samba/log.%m
    logging = syslog@2 /var/log/samba/log.%m
    map to guest = Bad User
    max log size = 1000
    ntlm auth = ntlmv1-permitted
    obey pam restrictions = Yes
    pam password change = Yes
    panic action = /usr/share/samba/panic-action %d
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    passwd program = /usr/bin/passwd %u
    security = USER
    server max protocol = SMB2
    server role = standalone server
    server string = %h
    unix password sync = Yes
    usershare allow guests = Yes
    usershare owner only = No
    workgroup = MGS
    idmap config * : backend = tdb

    browseable = No
    comment = All Printers
    create mask = 0700
    path = /var/spool/samba
    printable = Yes

    comment = Printer Drivers
    path = /var/lib/samba/printers

  3. forget it, I was testing from a virtual machine from the same host, that will allways work without password!

    Tested from W7 laptop and is asking password just fine

  4. Awesome, have been very frustrated trying to connect my Fujitsu ScanSnap N1800 to Samba 4.7, now it works!!

  5. Great, thanks a lot !
    I was very surprised that on my Ubuntu 18.04 server, immediately after saving my config file, it has started to work : without restarting the nmbd and smbd services ! don’t know why…

    1. It looks like when you save the configuration file, the smb service makes a reload without restarting the services. Sometimes it is mandatory that you restart to stop active connections and start with the new settings.

  6. Thanks. This issue really got serious with my server upgrade to OpenSUSE 15. I’ve got several Win XP virtual machines running a single legacy app and all of a sudden they couldn’t get permission for access. I went through a considerable amount of time working with the new firewalld configuration as well as several other things and still couldn’t make it work. Couldn’t see any other computers in my network, but was able to access the server directly using the address (\\server\share). It kept requesting user name and password, but then wouldn’t accept them. This cured the problem. Thanks again.

Leave a Reply

Your email address will not be published. Required fields are marked *

7 + 9 =

This site uses Akismet to reduce spam. Learn how your comment data is processed.