17

I have a samba server setup for some time now. It is a Hardware NAS - which unfortunately does not provide access to the Samba logs. (the exact model of the NAS is called Addonics NAS Adapter )

I also have a Windows Vista and a Windows XP machine - from both I am able to map \\192.168.0.20\Smd with no errors ( net use l: \\192.168.0.20\Smd works, after asking for my username and password).

I also bought a brand new computer, with Windows 7, and when I try to execute the same exact net use command on it - using the exact same username/password pair, I get a "The specified network password is not correct." message. I also tried mapping from the Windows explorer menu, and got the same error.

I synchronized the clocks of the two machines, tried again... and yet the same error persists.

So what is really surprising here is that mapping works from WindowXP and Windows Vista machines, but fails from a Windows7 machine using the exact same command and username/password - Anyone has any idea of what could be causing this or how to solve the problem? Thanks

Improve this question
4
  • Can you check the SMB server logs?
    – Dean J
    Commented Dec 7, 2009 at 18:32
  • Best to post your responses as comments to specific answers or by editing your original question (otherwise things get confused and out of order with upvotes).
    – Kara Marfia
    Commented Dec 7, 2009 at 20:24
  • Actually I found the problem under Windows 7 / Vista is a lot worse than it appears. <a href="nikhef.nl/~janjust/CifsOverSSH/VistaLoopback.html">This walkthrough</a> might be of help to you if the accepted answer didn't work.
    – bobobobo
    Commented Apr 19, 2011 at 12:03
  • See also superuser.com/questions/115337/…
    – Mike T
    Commented Jul 26, 2012 at 0:11

6 Answers 6

Reset to default
20

Dominic D's explanation of what is going on is correct: Vista, Windows7, and Windows2008 r2 use NTLMv2 by default. Older implementations of Samba don't support this and will return a password failure. Fortunately you can tell Vista and Windows 7 (and I presume Server 2k8) to use the v1 protocol if the v2 is not available.

These are my notes for Vista, they worked for Windows 7 Pro 64-bit.

  1. Start -> run -> secpol.msc
  2. Local Policies -> Security Options -> Network Security: LAN Manager Authentication
  3. Change NTVLM2 responses only to LM and NTLM - use NTLMV2 session security if negotiated

If you are stuck with a Vista Home, there is no secpol.msc. Instead:

  1. Start -> Run -> regedit
  2. navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. for LmCompatibilityLevel, change the '3' to a '1'
  4. Rebooting might be necessary at this point.
Improve this answer
4
  • 2
    Thank you very much! I created a new LmCompatibilityLevel entry under the place you indicated (it was missing) as a REG_DWORD with a value of 1, and after a reboot I was able to mount the share under Windows7! I now have a bizarre problem where all folders appear as invisible when under the mapped drive when in a cmd.exe Window (again, on Windows7-only) - but I can live with this (I just hope Cygwin works properly... installing now).
    – Win7 Home User
    Commented Dec 8, 2009 at 12:16
  • 1
    Future readers: it is in your best interest to do whatever is feasible to encourage the vendor to update their Samba, because Windows password storage schemes prior to NTLMv2 are significantly easier to crack. lbl.gov/cyber/systems/lanman.html has a clear explanation.
    – Royce Williams
    Commented Nov 18, 2012 at 22:59
  • Did exactly the same as "Win7 Home User" and it worked on my Win 10 home x64
    – lowtech
    Commented May 23, 2016 at 12:58
  • Mine only worked with Send NTLMv2 response only. Refuse LN & NTLM. Samba 4.9.5-Debian.
    – TCB13
    Commented May 3, 2023 at 11:04
12

Windows7 and Windows2008 r2 use NTLMv2 by default. Older implementations of Samba don't support this and will return a password failure.

We had this exact same problem on our NAS.

Two solutions

  1. Bug your NAS vendor to update their implementation (we've just received a patch).
  2. Push a policy change either via GPO or via Local Policy. The setting you need to modify is: Local Computer Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network security: LAN Manager authentication level. Set it to Send LM & NTLM - use NTLMv2 session security if negotiated. This gives you the best of both worlds, better security if supported, fall back if not. This should be the default Windows7/Windows2008r2 option IMO, but for whatever reason it isn't.
Improve this answer
1
  • Thanks for the response - updating the firmware of the NAS did not work, unfortunately, but with the tip by David Mackintosh I was able to change the auth settings.
    – Win7 Home User
    Commented Dec 8, 2009 at 12:17
0

This is probably not it, but you can try disabling SMB2 on the Windows 7 machine. SMB2 was introduced with Windows Vista so if the Vista machine works I would think the 7 machine would work as well, but it won't hurt to try it.

Improve this answer
1
  • I tried that. Disabled SMB2 using the commands (I am using === as a separator): === sc config lanmanworkstation depend= bowser/mrxsmb10/nsi === sc config mrxsmb20 start= disabled === but it didn't work (even after a reboot).
    – Win7 Home User
    Commented Dec 7, 2009 at 21:58
0

I hesitate to post this as an answer, because it's so flimsy, but this may be a purely Win7 Home thing that people using pro or ultimate editions wouldn't see. I remember reading something about homegroups - and they may have limited functionality or a change in syntax?

You may want to check with superuser.com if only because they may have more experience with the home version. (Home version may also mean the question belongs on SU, but I feel like the votes should decide that... seems a bit gray-area to just mod it over).

Are you able to pull up the share by sticking \192.168.0.20\Smd in the run box?

Improve this answer
4
  • Pro and Ultimate wouldn't handle networking differently than Home, but it could be a change to the networking in Windows 7 that caused the incompatibility.
    – Garrett
    Commented Dec 7, 2009 at 20:56
  • Thanks for the responses - David Mackintosh gave a tip that solved the problem!
    – Win7 Home User
    Commented Dec 8, 2009 at 12:18
  • 1
    @Garrett - well, I guess you can't join Home to a domain? But good to know it's unchanged otherwise.
    – Kara Marfia
    Commented Dec 8, 2009 at 12:24
  • Right, no domain joins and some other things like being a Remote Desktop destination, bitlocker, etc... but if they both do something, they do it the same way.
    – Garrett
    Commented Dec 8, 2009 at 21:02
0

It could be an issue with requirements of NTLM. I've read some people have to do the following to get their Win 7 box to work with samba.

Control Panel - Administrative Tools - Local Security Policy

Local Policies - Security Options

Network security: LAN Manager authentication level

Send LM & NTLM responses

Minimum session security for NTLM SSP

Disable Require 128-bit encryption

Improve this answer
2
  • I wasn't able to find a "Local Security Policy" menu - maybe because my Windows is Home? At any case, the closest I found to this was this option: File sharing connections Windows 7 uses 128-bit encryption to help protect file sharing connections. Some devices don't support 128-bit encryption and must use 40- or 56-bit encryption. [ ] Use 128-bit encryption to help protect file sharing connections (recommended) [ ] Enable file sharing for devices that use 40- or 56-bit encryption I enabled the second option, but nothing seems to change (even after a reboot).
    – Win7 Home User
    Commented Dec 7, 2009 at 21:41
  • Hrrm...I dont have a copy of Windows 7 Home Premium to verify but according to social.answers.microsoft.com/Forums/en-US/w7security/thread/… it's not available in that version of windows. I have no idea how you can modify those settings without it.
    – Dominic D
    Commented Dec 7, 2009 at 21:46
-1

You need to use double leading backslashes in your UNC paths.

Like this: net use I: \\192.168.0.20\Smd

Improve this answer
2
  • those are leading backslashes, not trailing...
    – quack quixote
    Commented Dec 7, 2009 at 19:25
  • Right - that is what I am doing (in the original post here I wrote this incorrectly - but I am giving the right commands).
    – Win7 Home User
    Commented Dec 7, 2009 at 21:37

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .