Windows 7 & Windows Server 2008, like Windows Vista, does not use LanManager authentication by default. So that will cause issues when trying to connect to an SMB share such as a SNAPSERVER, Linux Box or Apple Machine.

For your Win 7/Server 2008/Vista PCs,  to use these shares correctly you may have to change the LanManager Compatibility level. Win 7/Server 2008/Vista does not use LM or NTLM for authentication by default, but the filer may only send LM or NTLM responses so the settings need to be changed. This will basically ‘downgrade’ the authentication mechanisms to work with the NAS filer software and can be done two ways:
Group Policy:
Computer Configuration – Policies – Windows Settings – Security Settings – Local Policies – Security Options
Network security: LAN Manager authentication level
You may need to change this to Send LM & NTLM – use NTLMv2 session security if negotiated for the most compatibility, but Send NTLM response only would be more secure so you should try it first

Registry Edit
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa\
Set the lmcompatibilitylevel value to 2 which would be equivalent to the Send NTLM response only in the Group Policy setting

After you change these settings, you will need to reboot.

LmCompatibilityLevel settings
The LmCompatibilityLevel registry entry can be configured with the following values:

  • LmCompatibilityLevel value of 0: Send LAN Manager (LM) response and NTLM response; never use NTLM version 2 (NTLMv2) session security. Clients use LM and NTLM authentication, and never use NTLMv2 session security; domain controllers accept LM, NTLM, and NTLMv2 authentication.
  • LmCompatibilityLevel value of 1: Use NTLMv2 session security, if negotiated. Clients use LM and NTLM authentication, and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
  • LmCompatibilityLevel value of 2: Send NTLM response only. Clients use only NTLM authentication, and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
  • LmCompatibilityLevel value of 3: Send NTLMv2 response only. Clients use NTLMv2 authentication, and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
  • LmCompatibilityLevel value of 4: (Server Only) – Domain controllers refuse LM responses. Clients use NTLM authentication, and use NTLMv2 session security if the server supports it; domain controllers refuse LM authentication, and accept NTLM and NTLMv2 authentication.
  • LmCompatibilityLevel value of 5: (Server Only) – Domain controllers refuse LM and NTLM responses, and accept only NTLMv2 responses. Clients use NTLMv2 authentication, use NTLMv2 session security if the server supports it; domain controllers refuse NTLM and LM authentication, and accept only NTLMv2 authentication.

Tags: ,

2 comments

  1. mauro
  2. Brian Fleishman

Trackback e pingback

No trackback or pingback available for this article

Leave a Reply