How to connect to older Samba server versions using Vista RC1

I ran across an issue with my home network server, which is running an older version of Linux and Samba to share files around the house. Vista RC1 wouldn’t authenticate with the server. After some digging using Google I found out that you need to change one of the local security policies (Local Policies – Security Options – Network Security: LAN manager authentication level) from “Send NTLMv2 response only” to “Send LM & NTLM – use NTLMv2 session security if negotiated”.

Unfortunately the machine I had this problem on didn’t have the secpol.msc file on it (I still don’t know why), so I dug some more and found that there is an equivalent raw registry key:

HKLM/System/CurrentControlCset/Control/LSA – LMCompatibilityLevel

It’s 3 by default on Vista RC1 (NTLM2 only) and I had to change it to 1 (LM & NTLM, NTLMv2 if negotiated).

I’m afraid that this will bite some other folks like me who have “unorthodox” network setups at home. I hope Microsoft has a good reason to ship with this default setting, but I’d advocate they change it.

Update: A friend at Microsoft helped me realize that enabling LM & NTLM can be a potential security risk. Passwords can be stolen when using LM and NTLM. Vista uses NTLM2 by default to guard against the known vulnerabilities of NT & NTLM authentication.

In my personal situation I’m not that worried about changing the setting, since my computers stay isolated on my home network, but it’s probably not for everybody.

1 Comments

  1. Matt

    If you have access to the server, open the smb.conf file and add the line:
    encrypt passwords=yes
    This makes samba not use plain text passwords, and windows 7 is then happy to connect properly!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.