Vista Networking with Win98 / Mac / Linux / NAS
Posted by admin on Aug 18th, 2006
There have been a number of posts addressing this which recommend lowering the security levels in Vista. That is a last-ditch workaround. Please try to get the other boxes to support better security before turning Vista's security to lower settings.

Brief background: Vista, by default, only uses the more secure NTLMv2 to authenticate on file shares. NTLMv2 has been around for quite a while (Windows NT4 SP4), but a number of other implementations of the SMB protocol only recently picked it up. If you are trying to connect to a system which does not support NTLMv2, an update will be required. If your system supports NTLMv2 but does not use it by default, a settings change will be required.

If you are using Samba (Linux, OS/X):
- Make sure you have at least version 3.0.23
- Add "client ntlmv2 auth = yes" to your smb.conf (in /etc or /etc/smb)

If you are using a Samba-based NAS device:
- Contact the manufacturer for a firmware upgrade to use version 3.0.23 or later
- Follow manufacturer's instructions for enabling NTLMv2 through their configuration interface

If you are using Windows 9X: (Summarized from KB239869, "How to enable NTLM2 authentication" support.microsoft.com/default.aspx/kb/239869)
- Install the ADCE for Windows 9X download.microsoft.com/download/0/0/a/00a7161e8da84c44b74e469d769ce96e/dsclient9x.msi
- You may optionally uninstall the ADCE; uninstalling ADCE does not remove the files added to enable NTLMv2
- Start > regedit; change HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LMCompatibility from 0x0 to 0x3.

If none of the above works, *as a last resort*, permit the lower level of security in Vista:
- On Vista Business, Enterprise, or Ultimate, run secpol.msc; go to "Local Policies" > "Security Options" > "Network Security: LAN Manager authentication level" and change from "NTLMv2 responses only" to "LM and NTLM use NTLMv2 session security if negotiated".
- On other SKUs of Vista, Start > regedit; change HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LMCompatibility from 0x3 to 0x1.
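The two Samba steps from the post above, written as a check that can be run before touching Vista's settings. This is an added example, not part of the original post: the function names are illustrative, the smb.conf text is constructed, and the version string is assumed to look like the output of `smbd -V`.

```python
import re

MIN_SAMBA = (3, 0, 23)  # minimum Samba version named in the post

# Constructed sample smb.conf for illustration, not taken from a real host
SAMPLE_CONF = """\
[global]
   workgroup = HOME
   ; client ntlmv2 auth = yes   (commented out, so not in effect)
   Client NTLMv2  Auth = Yes
[share]
   path = /srv/share
"""

def parse_version(text):
    """Extract (major, minor, patch) from text such as 'Version 3.0.23c'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no version number in %r" % text)
    return tuple(int(p) for p in m.groups())  # ints, so 3.0.9 sorts below 3.0.23

def global_params(conf_text):
    """Return the [global] parameters of an smb.conf as a normalized dict."""
    params, section, pending = {}, None, ""
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = re.sub(r"\s+", "", line[1:-1]).lower()
        elif "=" in line and section == "global":
            name, value = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def audit(version_text, conf_text):
    """Return findings against the two Samba steps listed in the post."""
    findings = []
    if parse_version(version_text) < MIN_SAMBA:
        findings.append("Samba older than 3.0.23: upgrade required")
    value = global_params(conf_text).get("clientntlmv2auth", "")
    if value.lower() not in ("yes", "true", "1"):  # spellings this check accepts
        findings.append('"client ntlmv2 auth = yes" is not set in [global]')
    return findings
```

An empty list from `audit()` means both Samba steps are already satisfied; a commented-out setting or a version such as 3.0.9 is reported rather than silently passed.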
Aug 19th, 2006 at 02:56 am
Thank you, Michael.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on HowToNetworking.com

"Michael A. Bishop (MSFT)"

There have been a number of posts addressing this which recommend lowering the security levels in Vista. That is a last-ditch workaround. Please try to get the other boxes to support better security before turning Vista's security to lower settings.

Brief background: Vista, by default, only uses the more secure NTLMv2 to authenticate on file shares. NTLMv2 has been around for quite a while (Windows NT4 SP4), but a number of other implementations of the SMB protocol only recently picked it up. If you are trying to connect to a system which does not support NTLMv2, an update will be required. If your system supports NTLMv2 but does not use it by default, a settings change will be required.

If you are using Samba (Linux, OS/X):
- Make sure you have at least version 3.0.23
- Add "client ntlmv2 auth = yes" to your smb.conf (in /etc or /etc/smb)

If you are using a Samba-based NAS device:
- Contact the manufacturer for a firmware upgrade to use version 3.0.23 or later
- Follow manufacturer's instructions for enabling NTLMv2 through their configuration interface

If you are using Windows 9X: (Summarized from KB239869, "How to enable NTLM2 authentication" support.microsoft.com/default.aspx/kb/239869)
- Install the ADCE for Windows 9X download.microsoft.com/download/0/0/a/00a7161e8da84c44b74e469d769ce96e/dsclient9x.msi
- You may optionally uninstall the ADCE; uninstalling ADCE does not remove the files added to enable NTLMv2
- Start > regedit; change HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LMCompatibility from 0x0 to 0x3.

If none of the above works, *as a last resort*, permit the lower level of security in Vista:
- On Vista Business, Enterprise, or Ultimate, run secpol.msc; go to "Local Policies" > "Security Options" > "Network Security: LAN Manager authentication level" and change from "NTLMv2 responses only" to "LM and NTLM use NTLMv2 session security if negotiated".
- On other SKUs of Vista, Start > regedit; change HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LMCompatibility from 0x3 to 0x1.