Close

Windows 7 to run together on the network with Linux Samba and Windows XP – 2

Windows 7 defaults to using the NTLMv2 authentication.

NTLMv2 is a 128-bit encrypted authentication protocol that has been around for over a decade. It was first introduced back in NT4 SP4.
Today, my problem was that by default Vista only used NTLMv2, and not NTLM or LM authentication.

The NSLU2 uses Samba 2.x, and that version doesn’t speak NTLMv2. That’s not too surprising. While NTLMv2 has been around for ages, almost no one, until now, has deployed it as a client operating system default protocol. Consequently, in addition to the NSLU2, you can expect many other such Linux/Samba-based devices to not work with Vista.
It doesn’t help any in working with NTLM2 that Microsoft has changed how it worked over time and its documentation is, to be kind, awful. For more on how NTLM2 actually works, see The Most Misunderstood Windows Security Setting of All Time. This is must reading for any network administrator who will be dealing with Vista.

Fortunately, there are two ways to fix this problem. The first is just to force Vista to use the NTLM protocol as well as NTLM2. To do that, use these commands:

 

Click “Start -> Run.”
Then, type in the Run field: “secpol.msc.”
That will bring you to Vista’s security policy system.
Once there, use “Go to: Local Policies > Security Options” and then find “Network Security: LAN Manager” authentication level.
Once there, change the Setting from “Send NTLMv2 response only” to “Send LM & NTLM — use NTLMv2 session security if negotiated.”


The better long-term solution is to upgrade any of your Samba servers to 3.0.22 or higher, since they can handle NTLMv2. 3.0.21 will also do the trick, but it has a security hole in it, so if you’re still using it, upgrade as soon as possible. The most recent stable version of Samba is 3.0.23d, and I highly recommend it

scroll to top