NTLMv1 for SMB shares

Question

Level 1

8 points

NTLMv1 for SMB shares

Dear all,

I tried to setup my Yosemite Server (10.10.01) with a SMB file sharing. However, with my business Dell computer running on Win7 enterprise, I can not connect to the SMB shares on Yosemite. Why? For some reasons, Yosemite does only accept NTLMv2 authentication and my company computer is configured for NTLMv1. Having no admin rights, I can not adopt the solution proposed in this forum: Yosemite SMB from XP/Win8

I tried to use serveradmin as suggested in a blog http://krypted.com/windows-server/yosemite-server-smb-and-windows/
$server: sudo serveradmin settings smb:ntlm auth = "yes"

$server: sudo serveradmin stop smb

$server: sudo serveradmin start smb

However the result saying issue remains, as the excerpt from the log displays

od failed with 2 proto=ntlmv1

user=domain\\username

kdc failed with -1561745600 proto=ntlmv1

I also modified the com.apple.smb.server.plist under /Library/Preferences/SystemConfiguration with the following lines inspired from the Mavericks server:

<key>AllowNTLMAuth</key>

<true/>

Still no connection with my company Win 7 possible.

Therefore my question to you:

Is there a reliable way to enable Yosemite to perform NTLMv1 authentication. Any hints are highly welcome.

Adrian

Mac mini, OS X Yosemite (10.10.1)

Posted on Jan 1, 2015 11:46 PM

Reply

Answer 1

Top-ranking reply

avonmueh Author

Level 1

8 points

Jan 2, 2015 12:28 PM in response to avonmueh

Found the solution:

As explained in this discussion https://groups.google.com/forum/#!topic/uk.comp.sys.mac/4Za7tMNbK2k

Yosemite is looking for com.apple.GSS.NTLM.plist in /Library/Preferences, which is missing in a freshly installed system.

Thus provide the following content

--- com.apple.GSS.NTLM.plist to be located in /Library/Preferences ---

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<dict>

<key>NTLMv1</key>

<true/>

<key>NTLMv2</key>

<true/>

</dict>

</plist>

---

and Yosemite 10.10.1 Server will accept authentification by NTLMv1 and NTLMv2. Thus Windows 7 boxes in standard configuration can access the SMB share hosted on Yosemite server.

Best wishes,

Adrian

Reply

Answer 2

May 28, 2015 11:25 AM in response to avonmueh

As unbelievable as it seems, I have been fighting this problem for months and months as well. It wasn't until I looked in the Console messages and found something to search on that I found this thread. The moment I created the file, the login from the Windows XP machine started working. I can't believe that Yosemite has been released as long as it has, and yet there is still no option to have this work (as of May 2015). Thanks so much to "Adrian" for figuring this out.

Reply

Answer 3

Dec 16, 2016 8:40 PM in response to avonmueh

I have used same script, But while 'launchctl load -w /Library/Preferences/com.apple.GSS.NTLM.plist' it is throughing message that '/Library/Preferences/com.apple.GSS.NTLM.plist: Invalid or missing service identifier'. While checking in system log it will says ' com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system): Could not import service from caller: path = /Library/Preferences/com.apple.GSS.NTLM.plist, caller = launchctl.22853, error = 110: Invalid or missing service identifier'. Please help me in this.

Reply