Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: DevoDave on January 08, 2007, 11:17:37 AM
-
If any of you are having problems with Vista logon to SME server running Samba, try:
Run secpol.msc
Go to: Local Policies > Security Options
Find “Network Security: LAN Manager authentication level”
Change Setting from “Send NTLMv2 response only”
to
“Send LM & NTLM - use NTLMv2 session security if negotiated”
Vista defaults to only send the more secure NTLMv2 protocol, which SME server's Samba does not support.
-
If any of you are having problems with Vista logon to SME server running Samba, try:
Run secpol.msc
Go to: Local Policies > Security Options
Find “Network Security: LAN Manager authentication level”
Change Setting from “Send NTLMv2 response only”
to
“Send LM & NTLM - use NTLMv2 session security if negotiated”
Vista defaults to only send the more secure NTLMv2 protocol, which SME server's Samba does not support.
I found the following information on the net:
Fortunately, there are two ways to fix this problem. The first is just to force Vista to use the NTLM protocol as well as NTLM2. To do that, use these commands:
Click "Start -> Run." Then, type in the Run field: "secpol.msc." That will bring you to Vista's security policy system. Once there, use "Go to: Local Policies > Security Options" and then find "Network Security: LAN Manager" authentication level. Once there, change the Setting from "Send NTLMv2 response only" to "Send LM & NTLM -- use NTLMv2 session security if negotiated."
Ta-da! My Vista workstation could use my Seagate drives.
The better long-term solution is to upgrade any of your Samba servers to 3.0.22 or higher, since they can handle NTLMv2. 3.0.21 will also do the trick, but it has a security hole in it, so if you're still using it, upgrade as soon as possible. The most recent stable version of Samba is 3.0.23d, and I highly recommend it.
I have added it to the bugtracker (bug 2256 (http://bugs.contribs.org/show_bug.cgi?id=2256)) as a feature request, this way the develepors have a record of the problem, and they can forward a bug to the CentOS bugtracker as they use CentOS as a base to go from.
-
ok - we were able by deactivating all the security setting in vista to connect it to a sme samba share. Think this is not an optimum solution.
I saw that there is under testing a sme8 with the required samba version; is then the fetchmail + other programs still working ? to answer this question we will need to wait - too long wait.
Really we need an update for sambe for sme7.1.3. I cannot do it - maybe someone else can. The sme samba becomes quite unfunctional when vista gives so many problems, and I am afraid that vista will become more popular; just bought an acer laptop, with vista - xp they did not want to install.
-
I guess this just highlights the problems of using v1.0 of anything Microsoft produces.......
In the meantime, we should remember SME is free -- and is supported by volunteers, who need time to catch up on what is bleeding edge stuff out there. We want them to get there with a stable and reliable product!
SME 7.2 (not 8) is the next version I believe, due soon but don't hold your breath - and don't try to force things along by trying to do it yourself - that way madness lies!
I couldn't do what the developers do, so I just fling a little monetary donation their way every so often.
I love SME, almost as much as chocolate fudge.
Cheers
Ian
-
I guess this just highlights the problems of using v1.0 of anything Microsoft produces......
As far as I am aware, this issue occurs because Windows Vista is using a more secure authentication method for connecting to network shares. I think it is a bit unfair to lay the blame before Microsoft.
Most of the security aspects of Windows Vista have been attacked in such a manner. When it was insecure, people moaned, when it was made secure, people moaned.
I'd rather have the complaints about a secure operating system than complaints about an insecure operating system.
Regardless, I am experiencing the same problems with connecting Windows Vista to a network share. It is not a big inconvenience yet, as we are still able to pick up Dell PCs with Windows XP for the foreseeable future, and I am confident that there will be a resolution to this issue in SME Server by the time Windows Vista is forced upon us.
-
I found this for Vista Home Premium users that can't run secpol.msc:
From Discussion Group: Windows Vista General Discussion
Subject: Re: Connecting Vista HOME PREMIUM edition to Samba/MacOS servers???
Date: 1/19/2007 3:30 PM PST
From: Jimmy Brush
Hello,
Changing the following registry key should achieve the same effect:
In:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Create the following DWORD value (if it doesn't exist):
LmCompatibilityLevel
And set its value to: 1