You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: flur
flur Author
User level: Level 1
5 points

Yosemite SMB from XP/Win8

I am unable to connect to the SMB share on my newly upgraded Yosemite machines from a Windows client. I could connect fine in Mavericks. I can connect fine via smbclient on a linux machine.


Oct 20 12:19:34 orchard.lan digest-service[1173]: digest-request: uid=0

Oct 20 12:19:34 orchard.lan digest-service[1173]: digest-request: od failed with 2 proto=lm

Oct 20 12:19:34 orchard.lan digest-service[1173]: digest-request: user=\

Oct 20 12:19:34 orchard.lan digest-service[1173]: digest-request: kdc failed with -1561745597 proto=unknown

Oct 20 12:19:34 orchard.lan digest-service[1173]: digest-request guest: ok user=ORCHARD\GUEST proto=lm flags: NEG_KEYEX, ENC_128, NEG_VERSION, NEG_TARGET_INFO, NEG_NTLM2, NEG_ALWAYS_SIGN, NEG_ANONYMOUS, NEG_NTLM, NEG_SIGN, NEG_TARGET, NEG_UNICODE

Oct 20 12:19:34 orchard.lan digest-service[1173]: digest-request: uid=0

Oct 20 12:19:34 orchard.lan digest-service[1173]: digest-request: init request

Oct 20 12:19:34 orchard.lan digest-service[1173]: digest-request: init return domain: ORCHARD server: ORCHARD indomain was: <NULL>

Oct 20 12:19:34 orchard.lan digest-service[1173]: digest-request: uid=0

Oct 20 12:19:34 orchard.lan digest-service[1173]: digest-request: init request

Oct 20 12:19:34 orchard.lan digest-service[1173]: digest-request: init return domain: ORCHARD server: ORCHARD indomain was: <NULL>

Oct 20 12:19:34 orchard.lan digest-service[1173]: digest-request: uid=0

Oct 20 12:19:34 orchard.lan digest-service[1173]: digest-request: od failed with 2 proto=ntlmv1-with-v2-session

Oct 20 12:19:34 orchard.lan digest-service[1173]: digest-request: user=EEEPC\flur

Oct 20 12:19:34 orchard.lan digest-service[1173]: digest-request: kdc failed with -1561745600 proto=ntlmv1

Oct 20 12:19:34 orchard.lan digest-service[1173]: digest-request: guest failed with -1561745590 proto=ntlmv1-with-v2-session

Posted on Oct 20, 2014 9:21 AM

Reply
Question marked as Top-ranking reply
User profile for user: rebelscum75
rebelscum75
User level: Level 1
9 points

Posted on Oct 22, 2014 7:46 AM

Could you try (a) turn samba off and on again in sharing

or (b) change the local security policy on your PC. (borrowed from here http://www.jimmah.com/vista/net/ntlm.aspx)

  1. Click Start
  2. Click Control Panel
  3. Click System and Maintenance
  4. Click Administrative Tools
  5. Double-Click Local Security Policy
  6. In the left pane, click the triangle next to Local Policy
  7. In the left pane, click Security Options
  8. In the right pane near the bottom, double-click "Network security: LAN manager authentication level"
  9. Click the drop-down box, and click "Send LM & NTLM - use NTLMv2 session security if negotiated"
  10. Click OK
View in context
22 replies
User profile for user: BlackF1re83
BlackF1re83
User level: Level 1
4 points

Jan 28, 2015 8:15 AM in response to BlackF1re83

Partial Solution: SMB 1 protocol, works !!!

I'll write it also here, to inform you.


Today i've tried to force old versions of SMB protocol from the windows client

using the commands described here (reboot the windows workstation to take effect):
http://kb.bodhost.com/steps-to-enable-and-disable-smbv1-smbv2-and-smbv3-...

I've forced the deactivation of SMB 2 and 3, leaving only SMB 1 active:

Open the command line (as administrator) on the windows machine.

To disable the SMBv2 and SMBv3 on the SMB client, use the below commands:

sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi
sc.exe config mrxsmb20 start= disabled

Enable the SMBv1 on the SMB client with the below commands (if, for any reason, is not already running):

sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb10 start= auto

In this mode, the smb share of the xsan volume works properly.
No way instead with smb 2 and 3.

Tested on both Windows 7 and 8, the good old SMB 1 is functioning.

The incredible thing is this problem only affects Xsan volumes, while DAS volumes works properly in SMB 2 and 3 on windows.

That's why i'm not so sure it may be only an SMB 3 share issue, but also something related to the OD.

Maybe forcing the share to the old SMB 2, but i have no idea how to do this on Yosemite.

I'll keep you posted on this.

Meantime, i hope i've been of some help.

Reply
User profile for user: idfubar
idfubar
User level: Level 1
8 points

Jul 30, 2015 6:10 PM in response to rebelscum75

rebelscum75 wrote:


Could you try (a) turn samba off and on again in sharing

or (b) change the local security policy on your PC. (borrowed from here http://www.jimmah.com/vista/net/ntlm.aspx)

  1. Click Start
  2. Click Control Panel
  3. Click System and Maintenance
  4. Click Administrative Tools
  5. Double-Click Local Security Policy
  6. In the left pane, click the triangle next to Local Policy
  7. In the left pane, click Security Options
  8. In the right pane near the bottom, double-click "Network security: LAN manager authentication level"
  9. Click the drop-down box, and click "Send LM & NTLM - use NTLMv2 session security if negotiated"
  10. Click OK


Can anyone confirm whether changing the suggested setting (given a default configuration) is sufficient to re-establish Windows file-sharing compatibility between Yosemite and Windows 7 clients? My attempts to duplicate success by following the given procedure were not successful & the solution has been posted to more than one Apple Discussions thread.


Although the subsequent responses suggest choosing 'Send NTLMv2 response only' (or, equivalently, manually setting the registry value to "3") it should be noted that (even if successful in solving the original incompatibility issue introduced with Yosemite and the default use of SMB3) in so doing compatibility with older Windows clients is affected; an equivalently limited solution would be force the Mac host to use SMB1/SMB2 as it did since OS X 10.5 (and as can be implemented with equal haste: NTLMv1 for SMB shares)...


PS: Given the history of Samba protocol transparency it seems... inconceivable... that Apple would have changed the default setting to forcing SMB3 only without affording some measure of compatibility to Windows clients such that a compatibility setting allowing for the most universal compatibility, i.e. protocol negotiation via use of SMB3-compatible settings (e.g. via "Send LM & NTLM - use NTLMv2 session security if negotiated"), would somehow not function; given the history of the Microsoft anti-trust saga and the ensuing period of "oversight" it seems doubly inconceivable that discounting Apple development competence would account for the same.

Reply
User profile for user: MurffTurf
MurffTurf
User level: Level 1
4 points

Jun 8, 2016 9:41 AM in response to flur

Again this worked for me after a few frustrating days of looking for a solution! I had some trouble after upgrading to Yosemite but I got it working I think just by stopping and restarting Open Directory (even though I had read I shouldn't need that any longer). But after upgrading to El Capitan my Windows 7 computers stopped connecting to the Mac shares again. I tried stopping and restarting OD but no effect this time. I finally found this thread and changing the Windows Local Security policy to only send NTLMv2 worked! Thank you thank you thank you!!! And now I have turned OD off and it the everything still seems to be working.

Reply

Yosemite SMB from XP/Win8

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up