Vista Networking with Win98 / Mac / Linux / NAS

  • Thread starter Michael A. Bishop \(MSFT\)
  • Start date
M

Michael A. Bishop \(MSFT\)

There have been a number of posts addressing this which recommend lowering
the security levels in Vista. That is a last-ditch workaround. Please try
to get the other boxes to support better security before turning Vista's
security to lower settings.

Brief background:
Vista, by default, only uses the more secure NTLMv2 to authenticate on file
shares. NTLMv2 has been around for quite a while (Windows NT4 SP4), but a
number of other implementations of the SMB protocol only recently picked it
up. If you are trying to connect to a system which does not support NTLMv2,
an update will be required. If your system supports NTLMv2 but does not use
it by default, a settings change will be required.

If you are using Samba (Linux, OS/X):
- Make sure you have at least version 3.0.23
- Add "client ntlmv2 auth = yes" to your smb.conf (in /etc or /etc/smb)

If you are using a Samba-based NAS device:
- Contact the manufacturer for a firmware upgrade to use version 3.0.23 or
later
- Follow manufacturer's instructions for enabling NTLMv2 through their
configuration interface

If you are using Windows 9X: (Summarized from KB239869, "How to enable
NTLM2 authentication" - http://support.microsoft.com/default.aspx/kb/239869)
- Install the ADCE for Windows 9X -
http://download.microsoft.com/download/0/0/a/00a7161e-8da8-4c44-b74e-469d769ce96e/dsclient9x.msi
- You may optionally uninstall the ADCE; uninstalling ADCE does not remove
the files added to enable NTLMv2
- Start > regedit; change
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LMCompatibility from 0x0
to 0x3.

If none of the above works, *as a last resort*, permit the lower level of
security in Vista:
- On Vista Business, Enterprise, or Ultimate, run secpol.msc; go to "Local
Policies" > "Security Options" > "Network Security: LAN Manager
authentication level" and change from "NTLMv2 responses only" to "LM and
NTLM -- use NTLMv2 session security if negotiated".
- On other SKUs of Vista, Start > regedit; change
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LMCompatibility from 0x3
to 0x1.
 
R

Robert L [MVP - Networking]

Thank you, Michael.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
There have been a number of posts addressing this which recommend lowering
the security levels in Vista. That is a last-ditch workaround. Please try
to get the other boxes to support better security before turning Vista's
security to lower settings.

Brief background:
Vista, by default, only uses the more secure NTLMv2 to authenticate on file
shares. NTLMv2 has been around for quite a while (Windows NT4 SP4), but a
number of other implementations of the SMB protocol only recently picked it
up. If you are trying to connect to a system which does not support NTLMv2,
an update will be required. If your system supports NTLMv2 but does not use
it by default, a settings change will be required.

If you are using Samba (Linux, OS/X):
- Make sure you have at least version 3.0.23
- Add "client ntlmv2 auth = yes" to your smb.conf (in /etc or /etc/smb)

If you are using a Samba-based NAS device:
- Contact the manufacturer for a firmware upgrade to use version 3.0.23 or
later
- Follow manufacturer's instructions for enabling NTLMv2 through their
configuration interface

If you are using Windows 9X: (Summarized from KB239869, "How to enable
NTLM2 authentication" - http://support.microsoft.com/default.aspx/kb/239869)
- Install the ADCE for Windows 9X -
http://download.microsoft.com/download/0/0/a/00a7161e-8da8-4c44-b74e-469d769ce96e/dsclient9x.msi
- You may optionally uninstall the ADCE; uninstalling ADCE does not remove
the files added to enable NTLMv2
- Start > regedit; change
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LMCompatibility from 0x0
to 0x3.

If none of the above works, *as a last resort*, permit the lower level of
security in Vista:
- On Vista Business, Enterprise, or Ultimate, run secpol.msc; go to "Local
Policies" > "Security Options" > "Network Security: LAN Manager
authentication level" and change from "NTLMv2 responses only" to "LM and
NTLM -- use NTLMv2 session security if negotiated".
- On other SKUs of Vista, Start > regedit; change
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LMCompatibility from 0x3
to 0x1.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top