Windows 11 Pro Cannot Connect to NAS Authentication Failed

Ryan Timothy Guiles 0 Reputation points
2024-06-01T22:39:13.12+00:00


My Cloud Ex2 Ultra

I’ve spent some time troubleshooting and figured I’d ask for thoughts. I'm not going to list all the steps that I have already attempted, but below are a few:

Windows 11 Pro

Was Microsoft Account, converted to now a local account (Not AD connected using default WORKGROUP)

SMB 1.0/CIFS File Sharing Support and child options enabled

SMB Direct enabled

Services for NFS and child options enabled

Attempting to connect to NFS via Windows File Explorer.

Let’s say we go to \\[ipv4_address]. It will not load until I enter my username and password.

Once I enter the username and password it authenticates then goes to next screen to show the file shares at \\[ipv4_address].

Then, attempt to change active working directory to \\[ipv4_address]\[password_protected_share]. I make certain to click the other user option to manually type in the user name and password but it just will not stick on. And I know I’m typing in the correct user name and password.

2024 May 31 00:11:26|SAMBA|CIFS: Authentication for user [[username]] has FAILED.
2024 May 31 00:11:13|SAMBA|CIFS: Authentication for user [nobody] has FAILED.

I know the username and password also works since when I connect with my Mac it works seamlessly.

Thoughts for next steps?

So, I had too much coffee today and decided to do more research. Enabled SSH temporarily and reviewed the configuration file and the log file.

I noticed something interesting in the logs.

So, of the logs I noticed this:

[2024/05/31 00:10:59.893186, 3] …/…/auth/ntlmssp/ntlmssp_server.c:509(ntlmssp_server_preauth) Got user= domain=[y] workstation=[z] len1=24 len2=294
[2024/05/31 00:10:59.893301, 3] …/…/source3/auth/auth.c:204(auth_check_ntlm_password) check_ntlm_password: Checking password for unmapped user [y]@[z] with the new password interface.

Going to change the option in Windows from “This computer is part of a business network; I use it to connect to other computers at work” to “This is a home computer; it’s not part of a business network” and test findings.

Better question is why Windows 11 is not logging correctly Samba file share server, that’s built into the default configuration.

Will attempt to remove PIN tomorrow and test change.

https://community.wd.com/t/windows-11-pro-cannot-connect-to-nas-authentication-failed/291596

https://answers.microsoft.com/en-us/windows/forum/all/windows-11-pro-cannot-connect-to-nas/8c2570a6-d1d8-49bb-9c2b-0a28c3b83dcd

Determined cause not needing SMB 1. Removed that feature. Why is Windows not just passing user name and password? Why is it passing user name @ device? Of course that's going to fail.

Checking password for unmapped user [Hostname][User]@[Hostname] with the new password interface

Windows 11

1 answer

  1. Ryan Timothy Guiles 0 Reputation points
    2024-06-02T03:21:35.3066667+00:00

    My Cloud Ex2 Ultra

    • Disabled NFS
    • Had to remove group due to conflicting policies for read / write where group would take priority over user defined permission
    • Verified SMB 3 was only selected
    • Verified only NTLM2 selected
    • Enabled Verbose logs

    Rogue DHCP Server

    • Found and eliminated that and made a bridge (due to being a VM)

    Other Fun Actions:

      1. Reviewing packet captures
      2. Reviewing Event viewer for "SMBClient" logs
      3. ssh into My Cloud Ex2 Ultra and review Samba configuration file and detailed logs
    • Dreading anyone that says let's downgrade to SMB 2 or even SMB 1 in 2024 or use NTLM 1

    Windows 11:

    • Windows Updates
    • Clear Credential Manager (if attempted for prior testing)
    • https://learn.microsoft.com/en-US/troubleshoot/windows-server/networking/guest-access-in-smb2-is-disabled-by-default
    • Computer Configuration > Administrative Templates > Network > Lanman Workstation (Enabled)
    • Local Security Policy
      • LAN Manager Authentication Level = Send NTLMv2 response only and refuse LM & NTLM
      • Minimal session security for NTLM SSP (both options) NTLMv2 and 128 checked
    • Useful command to speed up troubleshooting to avoid reboots
      • net stop workstation /y
      • net start workstation
    • Adjusted network profile from public to private
    • Downgraded from Microsoft to local account
    • Removed PIN

    Mac: [UPPERCASEUSERNAME]@[Server_IP]/[Share_name]

    Mac supports SMB3. Example: RYAN@127.0.0.1/share

    Still not certain why username must be upper case in mac when server reads all text for username as lower case, but it works. And, it does not work if it's lowercase.

    • FYI The setting in MAC (the Apple, not Media Access Control) for file share IS ONLY if you want MAC to be a server (no need to enable that for client mode only!)
    • Clear Keychain for prior saved password before attempting again

    Sources:

    https://help.ubuntu.com/community/Fstab

    https://linux.die.net/man/8/mount.cifs

    https://ubuntu.com/server/docs/how-to-mount-cifs-shares-permanently

    https://www.linode.com/docs/guides/linux-mount-smb-share/

    Below is a heavy fork of the last reference

    Phase 0 – Get ready

    sudo apt-get update && sudo apt-get upgrade

    sudo apt update && sudo apt upgrade

    // Reboot if recommended

    sudo apt install cifs-utils

    fuser

    // Terminal should show usage / options for the command in the output stream if installed

    Phase 1 – Test Ability to Connect to Samba SMB share

    // [] denote holding a variable of your choosing, do not enter these in the terminal

    sudo mkdir /mnt/[smb_share_name]

    sudo mount -t cifs -o user=[user_name] //[smb_server_ipv4]/[smb_share_name] /mnt/[smb_share_name]

    Enter password when prompted.

    If error review data input or various error logs, hence the point of this stage happy hunting!

    sudo umount -t cifs /mnt/[smb_share_name]

    Phase 2 – Create Credentials File

    // Store where needed for business or personal needs and attempt to restrict access

    sudo nano ~/.credentials

    Line 1: username=[smb_user_name]

    Line 2: password=[smb_user_name_password]

    // Save changes and exit file

    // This guide is designed for the Western Digital Hard drive so it does not have a Domain in the home configuration.

    sudo chown [linux_active_user_name]: ~/.credentials

    sudo chmod 600 ~/.credentials

    sudo mount -t cifs -o user=[smb_user_name] //[smb_server_ipv4]/[smb_share_name] /mnt/[smb_share_name]

    If error review data input or various error logs, hence the point of this stage happy hunting!

    sudo umount -t cifs /mnt/[smb_share_name]

    Phase 3 - /etc/fstab

    sudo nano /etc/fstab

    // Review https://help.ubuntu.com/community/Fstab

    // Review https://ubuntu.com/server/docs/how-to-mount-cifs-shares-permanently

    // Add a new line item in the most logical spot

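    // fstab does not expand ~, so give the absolute path to the credentials file; no space inside the share path

    //[smb_server_ipv4]/[smb_share_name] /mnt/[smb_share_name] cifs credentials=/home/[linux_active_user_name]/.credentials,uid=1000,gid=100 0 0

    // Save changes and reboot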

    If error review data input or various error logs, hence the point of this stage happy hunting!
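
The Phase 2 and Phase 3 checks from the answer above as a script, added here as an example and not part of the original post. The function names are hypothetical, `stat -c` assumes GNU coreutils on Linux, and the `vers=3.0` and `sec=ntlmssp` mount options are an addition that pins the client to the SMB 3 / NTLMv2 settings selected on the NAS.

```shell
#!/bin/sh
# Added example: validate a CIFS credentials file, then build the fstab entry.
# Function names are hypothetical; stat -c assumes GNU coreutils.

# check_cifs_credentials FILE
# Prints "ok" and returns 0 only when the file is safe to reference from fstab.
check_cifs_credentials() {
    f=$1
    case $f in
        /*) ;;  # absolute path: fine
        *)  echo "path must be absolute (fstab does not expand ~)"; return 1 ;;
    esac
    [ -f "$f" ] || { echo "missing file"; return 1; }
    mode=$(stat -c '%a' "$f") || return 1
    # Only the owner may read the stored SMB password.
    [ "$mode" = "600" ] || [ "$mode" = "400" ] || {
        echo "mode $mode is too open, use chmod 600"; return 1; }
    grep -q '^username=.' "$f" || { echo "no username= line"; return 1; }
    grep -q '^password=.' "$f" || { echo "no password= line"; return 1; }
    echo "ok"
}

# fstab_cifs_line SERVER SHARE CREDFILE UID GID
# Prints one /etc/fstab line, or fails if any input would produce a broken entry.
fstab_cifs_line() {
    case "$1$2" in
        *" "*) echo "server/share must not contain spaces" >&2; return 1 ;;
    esac
    check_cifs_credentials "$3" >/dev/null || return 1
    # vers=3.0 and sec=ntlmssp stop the client from negotiating an older
    # dialect or a weaker authentication scheme than the NAS is set to accept.
    printf '//%s/%s /mnt/%s cifs credentials=%s,vers=3.0,sec=ntlmssp,uid=%s,gid=%s 0 0\n' \
        "$1" "$2" "$2" "$3" "$4" "$5"
}
```

After appending the printed line to /etc/fstab, `sudo mount -a` applies it without a reboot and reports any error immediately.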
