As I just got a new laptop Dell XT2 Windows, this is probably the first post of a series on Windows 7, that I will complete the likings of my problems or discoveries.
I open the series with a problem. That it is impossible for me to connect to a Samba drive. I'm trying different user accounts to no avail. The same error comes back.
A small google search leads us directly to articles that show a minimum configuration of Samba 3.4 for connectivity with Windows 7:
- http://www.clubic.com/tout-savoir/windows-7/ join-a-Controller-de-samba-domain-with-windows-seven-671672.html
- http://wiki.samba.org/index.php/Windows7
While our old Samba server is 3.0.
Not satisfied with this response, I continue to seek what could be changed between XP and Seven. I finally understand that this should be the security policy. Whether XP or Windows 7, you can set this strategy in the screen "Local Security Policy" available from: Control Panel -> Administrative Tools -> Local Security Policy.
In this screen, the next choose "Local Policies" and then "Security Options". A series of options apparait.Celles interest are:
- Network Security: LAN Manager authentication level: Undefined
- Network Security: Minimum session security for NTLM SSP based clients (including secure RPC) : Require a level of encryption to 128 bits.
- Network Security: Minimum session security for NTLM SSP based servers (including secure RPC): Require a level of encryption to 128 bits.
A comparison with XP as well as a post reading using Microsoft says that the failure of these values has changed between XP / Vista and Windows on one side 7 of the other.
While "Network security: LAN Manager authentication level" is "Not defined in Seven, it would be" Send LM & NTLM responses ".
Similarly both "Network security: Minimum session security for NTLM SSP based XXXXX (including secure RPC)" worth "no minimum" in XP and Vista, so we have "Require a level of 128-bit "Windows 7.
NTLM SSP (NT LAN Manager Security Support Provider) is the mechanism used by Samba to verify the authentication with Windows clients. Support for different configuration settings depends dual consistency between servers and clients.
- LM (Challenge / Response LAN Manager) is the oldest protocol ensures compatibility with Windows 95 and 98 positions
- NTLM provides improved security from NT.
- NTLM version 2 offers even better security, but excludes items in Windows 95 and requires the installation an Active Directory client extension for 98.
In our case, Samba 3.0 should be able to support NTLM version 2, I think my problem was mainly due to the 128-bit encryption.
Oddly, if I returned to
- Network Security: LAN Manager authentication level: Send LM & NTLM - use session security if negotiated NTLM2
- and "Require a level of encryption to 128 bits for both others
my connection runs even after a reboot. it would mean that authentication is negotiated once and for all.
0 comments:
Post a Comment