Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Question:

Question: Force finder to use NTLMv2 settings

Hi All,

Need to force finder to use NTLMv2 when connecting to a windows share.

Even with setting "client ntlmv2 auth = yes" in /etc/smb.conf, connecting to the share always resulted in "wrong/bad password error message". It always uses NTLMv1 only. Can anyone point me to any other setting/configuration to enable ntlmv2 for finder.

Between any changes in /etc/smb.conf is picked up by smbclient command line utility.

Thanks in advance.
rohitk

mac mini, Mac OS X (10.6.2)

Posted on Mar 16, 2010 11:40 PM

Reply

Mar 18, 2010 1:04 PM in response to pingtosen In response to pingtosen

Interesting. ""client ntlmv2 auth = yes"" should have disabled NTLMv1

from smb.conf(1):

client ntlmv2 auth (G)
.
.
.
Similarly, if enabled, NTLMv1, client lanman auth and client plaintext auth authentication will be dis-
abled. This also disables share-level authentication.


Have you checked the smb.conf file using testparm?

Have you tried also disabling:


ntlm auth (G)
This parameter determines whether or not smbd(8) will attempt to authenticate users using the NTLM
encrypted password response. If disabled, either the lanman password hash or an NTLMv2 response will
need to be sent by the client.
If this option, and lanman auth are both disabled, then only NTLMv2 logins will be permited. Not all
clients support NTLMv2, and most will require special configuration to us it.
Default: ntlm auth = yes

Mar 18, 2010 1:04 PM

Reply Helpful

Mar 18, 2010 9:49 PM in response to pingtosen In response to pingtosen

Yes I did try "ntlm auth = no" but could not succeed.

Only smbclient could recognize the changes in /etc/smb.conf file. As littleSaint mentioned, I would want finder to use ntlmv2.

May be a little more information could help understand better.
Am trying to mount a share exposed by OpenSolaris as windows share using SMB protocol. Although linux,windows and solaris are able to mount the share without any problem. On mac, finder is not able to mount. Between I found a commercial tool AdmitMac, which could mount the share without any issue. Tracing the network packets shows NTLMv2 authentication enabled.

Wondering if there are any settings to control the finder or limitation of finder.

Mar 18, 2010 9:49 PM

Reply Helpful

Mar 19, 2010 8:17 AM in response to pingtosen In response to pingtosen

What version of Mac OS are you running? I thought I had read the NTLMv2 was supported in 10.5. Try looking at the man page for nsmb.conf. I believe that is the file that controls client settings. I don't believe it exists by default. You have to create it.

Mar 19, 2010 8:17 AM

Reply Helpful

Mar 19, 2010 10:35 PM in response to pingtosen In response to pingtosen

Using Mac OS X v10.6.2 on mac mini.

With this settings in /etc/nsmb.conf
\[default\]
minauth=ntlmv2

Mac client and Opensolaris box negotiate LM-0.12(NTLMv2) to use for authentication and later no more packets out from Mac client. If I remove the contents of nsmb.conf, Mac client starts communicating NTLMv1 and finally wrong password notification pops up.

Mar 19, 2010 10:35 PM

Reply Helpful
User profile for user: pingtosen

Question: Force finder to use NTLMv2 settings