Cannot Get Any Peer to Peer Non-Domain Networking to Work

  • Thread starter Thread starter Will
  • Start date Start date
W

Will

I am having problems getting Windows XP client A to use a share on Windows
XP server B. I have read through the excellent knowledgebase 103390:

http://support.microsoft.com/kb/103390

and that gives a lot of clues about the algorithm Microsoft is using to
establish SMB connections, but I'm still not able to get it to work.

Some background tasks I have performed so far:

1) I create a common local user account foo on both computers A and B, with
identical password

2) I do not have either computer in a domain. I did put them in the same
workgroup.

3) In desperation, I enabled the Guest account on computer B since that
account appears to offer some alternative anonymous SMB capability when
authentication fails.

I have tried issuing these commands from the client computer A:, and all of
them are failing with the 1326 authentication failure message:

net use t: \\computer-b\c$

net use t: \\computer-b\c$ /user:foo

The first command prompts for a user account and I supply foo, but after
supplying password I still get 1326. The second command prompts for
password and then gives the 1326.

Knowledgebase 103390 makes clear that the prompts for userid may be a "Fake"
thrown by Windows to prevent a hacker from reverse engineering security on
the target. Unfortunately, it's also preventing me from getting into my
own computer.

Any advice on how to make this most basic peer to peer networking work is
appreciated. I probably just need to change the value of a few registry
keys set to higher security settings, but I would like to get this to work
with the maximum possible security possible for peer to peer networking. I
would strongly like to forbid anonymous browsing and would like it to work
with a specific user account.
 
"Will" said:
I am having problems getting Windows XP client A to use a share on Windows
XP server B. I have read through the excellent knowledgebase 103390:

http://support.microsoft.com/kb/103390

and that gives a lot of clues about the algorithm Microsoft is using to
establish SMB connections, but I'm still not able to get it to work.

Some background tasks I have performed so far:

1) I create a common local user account foo on both computers A and B, with
identical password

2) I do not have either computer in a domain. I did put them in the same
workgroup.

3) In desperation, I enabled the Guest account on computer B since that
account appears to offer some alternative anonymous SMB capability when
authentication fails.

I have tried issuing these commands from the client computer A:, and all of
them are failing with the 1326 authentication failure message:

net use t: \\computer-b\c$

net use t: \\computer-b\c$ /user:foo

The first command prompts for a user account and I supply foo, but after
supplying password I still get 1326. The second command prompts for
password and then gives the 1326.

Knowledgebase 103390 makes clear that the prompts for userid may be a "Fake"
thrown by Windows to prevent a hacker from reverse engineering security on
the target. Unfortunately, it's also preventing me from getting into my
own computer.

Any advice on how to make this most basic peer to peer networking work is
appreciated. I probably just need to change the value of a few registry
keys set to higher security settings, but I would like to get this to work
with the maximum possible security possible for peer to peer networking. I
would strongly like to forbid anonymous browsing and would like it to work
with a specific user account.
Click to expand...

Please reply to this message in the news group (not by E-mail) with
more information to help other people understand the problem:

1. Does computer B run Windows XP Home Edition? Home Edition doesn't
create administrative shares such as C$. You would have to manually
create that share.

2. If computer B runs Windows XP Professional, is simple file sharing
enabled or disabled?

3. How did you enable the Guest account on computer B? The Guest
account setting in Control Panel > User Accounts has nothing to do
with networking -- it determines whether you can log on as Guest at
computer B's local keyboard.

4. What happens when you run this command on computer A?

net view \\computer-b

5. What happens when you type this in the Start > Run box on computer
A?

\\computer-b

6. If #5 shows a list of computer B's shared folders, what happens if
you click one of them?
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
 
Steve Winograd said:
Please reply to this message in the news group (not by E-mail) with
more information to help other people understand the problem:

1. Does computer B run Windows XP Home Edition? Home Edition doesn't
create administrative shares such as C$. You would have to manually
create that share.
Click to expand...

Both computers run Windows XP Professional.

2. If computer B runs Windows XP Professional, is simple file sharing
enabled or disabled?
Click to expand...

Simple file sharing is disabled on both machines and I would like to keep it
that way. I prefer to use NTFS permissions to limit access to the disk.

3. How did you enable the Guest account on computer B? The Guest
account setting in Control Panel > User Accounts has nothing to do
with networking -- it determines whether you can log on as Guest at
computer B's local keyboard.
Click to expand...

Then how do you explain the algorithm in Microsoft Knowledgebase 103390
which includes such lines as:

If the guest account is enabled
The command completed successfully.
If the guest account is disabled
(* See Note a).
The user is prompted for a password.
System error 1326 has occurred. Logon failure:
unknown user name or bad password.

Such lines certainly suggest that the command is executing in a security
context of the Guest user account if authentication to a specific user is
failing. If it does not mean that, then what do the algorithm lines above
mean?

4. What happens when you run this command on computer A?

net view \\computer-b
Click to expand...

I get a 1326 error.

5. What happens when you type this in the Start > Run box on computer
A?

\\computer-b
Click to expand...

"The filename, directory name, or volume label syntax is incorrect."

6. If #5 shows a list of computer B's shared folders, what happens if
you click one of them?
Click to expand...

Did you perhaps mean to ask me to type \\computer-b in the edit text of the
Explorer application? When I type this in Explorer it just hangs.
 
"Will" said:
Both computers run Windows XP Professional.


Simple file sharing is disabled on both machines and I would like to keep it
that way. I prefer to use NTFS permissions to limit access to the disk.


Then how do you explain the algorithm in Microsoft Knowledgebase 103390
which includes such lines as:

If the guest account is enabled
The command completed successfully.
If the guest account is disabled
(* See Note a).
The user is prompted for a password.
System error 1326 has occurred. Logon failure:
unknown user name or bad password.

Such lines certainly suggest that the command is executing in a security
context of the Guest user account if authentication to a specific user is
failing. If it does not mean that, then what do the algorithm lines above
mean?


I get a 1326 error.


"The filename, directory name, or volume label syntax is incorrect."


Did you perhaps mean to ask me to type \\computer-b in the edit text of the
Explorer application? When I type this in Explorer it just hangs.
Click to expand...

Thanks for the detailed reply!

For #3: Here are the commands to enable and disable the Guest account
for networked access:

net user guest /active:yes
net user guest /active:no

With simple file sharing disabled on computer B, it should make no
difference whether the Guest account is enabled or disabled for
networked access. Networked users log on as themselves, not as Guest.
------------------
For #5: That command shouldn't get error message that you listed.
Please try it again by typing the command in the Start > Run box, not
in a command prompt window.
------------------
For #6: I'm sorry, but I don't know what you mean by " the edit text
of the Explorer application". Typing "\\computer-b" in the Address
bar of Windows Explorer should do the same thing as typing it in the
Start > Run box.
------------------
Make sure that the logged-in account on computer A has the same user
name and non-empty password as an account on computer B.

On computer A, go to Control Panel > User Accounts, click your
account, click "Manage my network passwords", and remove any saved
passwords for computer B.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
 
Back
Top