Vista Forums - View Single Post - Vista Networking with Win98 / Mac / Linux / NAS

03-20-2007

Thank you, Michael.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Michael A. Bishop (MSFT)" <michael.bishop@microsoft.com> wrote in message news:Oql%23OFnaHHA.5108@TK2MSFTNGP03.phx.gbl...
There have been a number of posts addressing this which recommend lowering
the security levels in Vista. That is a last-ditch workaround. Please try
to get the other boxes to support better security before turning Vista's
security to lower settings.

Brief background:
Vista, by default, only uses the more secure NTLMv2 to authenticate on file
shares. NTLMv2 has been around for quite a while (Windows NT4 SP4), but a
number of other implementations of the SMB protocol only recently picked it
up. If you are trying to connect to a system which does not support NTLMv2,
an update will be required. If your system supports NTLMv2 but does not use
it by default, a settings change will be required.

If you are using Samba (Linux, OS/X):
- Make sure you have at least version 3.0.23
- Add "client ntlmv2 auth = yes" to your smb.conf (in /etc or /etc/smb)

If you are using a Samba-based NAS device:
- Contact the manufacturer for a firmware upgrade to use version 3.0.23 or
later
- Follow manufacturer's instructions for enabling NTLMv2 through their
configuration interface

If you are using Windows 9X: (Summarized from KB239869, "How to enable
NTLM2 authentication" - http://support.microsoft.com/default.aspx/kb/239869)
- Install the ADCE for Windows 9X -
http://download.microsoft.com/downlo...dsclient9x.msi
- You may optionally uninstall the ADCE; uninstalling ADCE does not remove
the files added to enable NTLMv2
- Start > regedit; change
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LMCompatibility from 0x0
to 0x3.

If none of the above works, *as a last resort*, permit the lower level of
security in Vista:
- On Vista Business, Enterprise, or Ultimate, run secpol.msc; go to "Local
Policies" > "Security Options" > "Network Security: LAN Manager
authentication level" and change from "NTLMv2 responses only" to "LM and
NTLM -- use NTLMv2 session security if negotiated".
- On other SKUs of Vista, Start > regedit; change
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LMCompatibility from 0x3
to 0x1.

03-20-2007	#2 (permalink)
Robert L [MVP - Networking] n/a posts	Re: Vista Networking with Win98 / Mac / Linux / NAS Thank you, Michael. Bob Lin, MS-MVP, MCSE & CNE Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com "Michael A. Bishop (MSFT)" <michael.bishop@microsoft.com> wrote in message news:Oql%23OFnaHHA.5108@TK2MSFTNGP03.phx.gbl... There have been a number of posts addressing this which recommend lowering the security levels in Vista. That is a last-ditch workaround. Please try to get the other boxes to support better security before turning Vista's security to lower settings. Brief background: Vista, by default, only uses the more secure NTLMv2 to authenticate on file shares. NTLMv2 has been around for quite a while (Windows NT4 SP4), but a number of other implementations of the SMB protocol only recently picked it up. If you are trying to connect to a system which does not support NTLMv2, an update will be required. If your system supports NTLMv2 but does not use it by default, a settings change will be required. If you are using Samba (Linux, OS/X): - Make sure you have at least version 3.0.23 - Add "client ntlmv2 auth = yes" to your smb.conf (in /etc or /etc/smb) If you are using a Samba-based NAS device: - Contact the manufacturer for a firmware upgrade to use version 3.0.23 or later - Follow manufacturer's instructions for enabling NTLMv2 through their configuration interface If you are using Windows 9X: (Summarized from KB239869, "How to enable NTLM2 authentication" - http://support.microsoft.com/default.aspx/kb/239869) - Install the ADCE for Windows 9X - http://download.microsoft.com/downlo...dsclient9x.msi - You may optionally uninstall the ADCE; uninstalling ADCE does not remove the files added to enable NTLMv2 - Start > regedit; change HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LMCompatibility from 0x0 to 0x3. If none of the above works, as a last resort, permit the lower level of security in Vista: - On Vista Business, Enterprise, or Ultimate, run secpol.msc; go to "Local Policies" > "Security Options" > "Network Security: LAN Manager authentication level" and change from "NTLMv2 responses only" to "LM and NTLM -- use NTLMv2 session security if negotiated". - On other SKUs of Vista, Start > regedit; change HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LMCompatibility from 0x3 to 0x1.
My System Specs