| Getting Vista to work with Samba |
Dec. 15, 2006
I was tinkering with my Vista system the other day, when I found it wouldn't connect with a pair of NAS (Network Attached Storage) drives. I was not a happy camper.
The drives, a pair of Seagate 400GB USB2.0 External Hard Drives, were connected to my Fast Ethernet network by a Linksys NSLU2, aka Slug, network storage link. All my other systems, which include XP Pro, MEPIS 6.01, Fedora 6, openSUSE 10.2, and SLED (SUSE Linux Enterprise Desktop) 10, had no trouble at all accessing these drives, so what was the problem?
After staring for much too long at network traffic logs, it suddenly hit me, I've seen a variation of this problem years ago. Vista defaults to using the NTLMv2 authentication. NTLMv2 is a 128-bit encrypted authentication protocol that has been around for over a decade. It was first introduced back in NT4 SP4.
Back in those days of stone-axes and bear-skins, I'd run into trouble with Windows 95 clients being unable to connect with "secured" NT4 SP4 servers. I fixed it then by setting the servers back to using NTLM.
Today, my problem was that by default Vista only used NTLMv2, and not NTLM or LM authentication. My NAS setup, like many NAS appliances, relies on a firmware-based Linux and Samba for its CIFS (Common Internet File System) file server.
The NSLU2 uses Samba 2.x, and that version doesn't speak NTLMv2. That's not too surprising. While NTLMv2 has been around for ages, almost no one, until now, has deployed it as a client operating system default protocol. Consequently, in addition to the NSLU2, you can expect many other such Linux/Samba-based devices, like the Iomega StorCenter Pro NAS 100d/160GB, the D-Link DSM-G600, and the Buffalo HD-H1.0TGL/R5-1 Terastation 1.0 Terabyte NAS, to not work with Vista.
It doesn't help any in working with NTLM2 that Microsoft has changed how it worked over time and its documentation is, to be kind, awful. For more on how NTLM2 actually works, see The Most Misunderstood Windows Security Setting of All Time. This is must reading for any network administrator who will be dealing with Vista.
Fortunately, there are two ways to fix this problem. The first is just to force Vista to use the NTLM protocol as well as NTLM2. To do that, use these commands:
Click "Start -> Run." Then, type in the Run field: "secpol.msc." That will bring you to Vista's security policy system. Once there, use "Go to: Local Policies > Security Options" and then find "Network Security: LAN Manager" authentication level. Once there, change the Setting from "Send NTLMv2 response only" to "Send LM & NTLM -- use NTLMv2 session security if negotiated."
Ta-da! My Vista workstation could use my Seagate drives.
The better long-term solution is to upgrade any of your Samba servers to 3.0.22 or higher, since they can handle NTLMv2. 3.0.21 will also do the trick, but it has a security hole in it, so if you're still using it, upgrade as soon as possible. The most recent stable version of Samba is 3.0.23d, and I highly recommend it.
I'd already done that with my SLES (SUSE Linux Enterprise Server) and RHEL (Red Hat Enterprise Linux) servers, so that's why I didn't immediately consider a Samba authentication problem when I first had trouble with the Vista box.
Unfortunately, upgrading the NSLU2, like any network appliance, isn't so easy. Upgrading almost any appliance requires you to change the firmware. However, in the case of the NSLU2, its most recent firmware dates from July, 2005 and it doesn't do the job.
So, what I did instead was head over to the NSLU2 Linux site. Once there, I installed an alternative firmware, Unslung. With that up and working -- they're not kidding, by the way, about following all the instructions -- I then used OptWare, a software package system for Unslung, to install an up-to-date version of Samba.
If that sounds complicated, well, yes, it is. I recommend only users who are very comfortable with getting their hands dirty with deep, down technology give it a try. For the rest of you, and there will be many of you soon, who want to get Vista and your network appliances on the same page, I recommend changing Vista's settings as described above, for now, and bugging your device vendors for upgraded firmware for the long-run.
-- Steven J. Vaughan-Nichols
Do you have comments on this story?
Talkback here
NOTE: Please post your comments regarding our articles using the above link. Be sure to use this article's title as the "Subject" in your posts. Before you create a new thread, please check to see if a discussion thread is already running on the article you plan to comment on. Thanks!
(Click here for further information)
|
|
|
7 Advantages of D2D Backup
For decades, tape has been the backup medium of choice. But, now, disk-to-disk (D2D) backup is gaining in favor. Learn why you should make the move in this whitepaper.
4 Legal Reasons to Control Internet Access
The Internet is obviously a valuable resource for many organizations. However, many are exposed to legal liability concerns because they fail to control Internet access. Learn if you're safe in this white paper.
Rapidly Resolve J2EE Application Problems
Whether you are in the process of building J2EE applications or have J2EE applications already running in production, you must ensure that they deliver the expected ROI. Learn how in this white paper.
Load Testing 2.0 for Web 2.0
There are many unknowns in stress testing Web 2.0 applications. Find out how to test the performance of Web 2.0 in this white paper.
Build Better Games Online
For the game infrastructure providers, life is complex. Making money from games has become more complicated. Why? Find out in this white paper.
Building a Virtual Infrastructure from Servers to Storage
This white paper discusses the virtual storage solutions that reduce cost, increase storage utilization, and address the challenges of backing up and restoring Server environments.
Gaining Faster Wireless Connections with WiMAX
Welcome to what is quickly becoming the hyperconnected world where anything that would benefit from being connected to the network will be connected. Learn more in this white paper.
Is Your Desktop a Security Threat?
The new wave of sophisticated crimeware not only targets specific companies, but also targets desktops and laptops as backdoor entryways into those business’ operations and resources. Learn how to stay safe in this white paper.
Increasing SAN Reliability by 100 Percent
Storage area networks (SAN) are a strong part of storage plans. Learn how to increase your reliability and uptime by 100 percent in this case study.
|
|
|
|
|
news feed