You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: pingtosen
pingtosen Author
User level: Level 1
8 points

Force finder to use NTLMv2 settings

Hi All,

Need to force finder to use NTLMv2 when connecting to a windows share.

Even with setting "client ntlmv2 auth = yes" in /etc/smb.conf, connecting to the share always resulted in "wrong/bad password error message". It always uses NTLMv1 only. Can anyone point me to any other setting/configuration to enable ntlmv2 for finder.

Between any changes in /etc/smb.conf is picked up by smbclient command line utility.

Thanks in advance.
rohitk

mac mini, Mac OS X (10.6.2)

Posted on Mar 16, 2010 11:40 PM

Reply
5 replies
User profile for user: Nils C. Anderson
Nils C. Anderson
User level: Level 4
3,495 points

Mar 18, 2010 1:04 PM in response to pingtosen

Interesting. ""client ntlmv2 auth = yes"" should have disabled NTLMv1

from smb.conf(1): 

 client ntlmv2 auth (G)
.
.
.
 Similarly, if enabled, NTLMv1, client lanman auth and client plaintext auth authentication will be dis-
 abled. This also disables share-level authentication.


Have you checked the smb.conf file using testparm?

Have you tried also disabling: 


 ntlm auth (G)
 This parameter determines whether or not smbd(8) will attempt to authenticate users using the NTLM
 encrypted password response. If disabled, either the lanman password hash or an NTLMv2 response will
 need to be sent by the client.
 If this option, and lanman auth are both disabled, then only NTLMv2 logins will be permited. Not all
 clients support NTLMv2, and most will require special configuration to us it.
 Default: ntlm auth = yes
Reply
User profile for user: pingtosen
pingtosen Author
User level: Level 1
8 points

Mar 18, 2010 9:49 PM in response to pingtosen

Yes I did try "ntlm auth = no" but could not succeed.

Only smbclient could recognize the changes in /etc/smb.conf file. As littleSaint mentioned, I would want finder to use ntlmv2.

May be a little more information could help understand better.
Am trying to mount a share exposed by OpenSolaris as windows share using SMB protocol. Although linux,windows and solaris are able to mount the share without any problem. On mac, finder is not able to mount. Between I found a commercial tool AdmitMac, which could mount the share without any issue. Tracing the network packets shows NTLMv2 authentication enabled.

Wondering if there are any settings to control the finder or limitation of finder.
Reply
User profile for user: pingtosen
pingtosen Author
User level: Level 1
8 points

Mar 19, 2010 10:35 PM in response to pingtosen

Using Mac OS X v10.6.2 on mac mini.

With this settings in /etc/nsmb.conf
\[default\]
minauth=ntlmv2

Mac client and Opensolaris box negotiate LM-0.12(NTLMv2) to use for authentication and later no more packets out from Mac client. If I remove the contents of nsmb.conf, Mac client starts communicating NTLMv1 and finally wrong password notification pops up.
Reply

Force finder to use NTLMv2 settings

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up