avonmueh

Q: NTLMv1 for SMB shares

Dear all,

 

I tried to setup my Yosemite Server (10.10.01) with a SMB file sharing. However, with my business Dell computer running on Win7 enterprise, I can not connect to the SMB shares on Yosemite. Why? For some reasons, Yosemite does only accept NTLMv2 authentication and my company computer is configured for NTLMv1. Having no admin rights, I can not adopt the solution proposed in this forum: Yosemite SMB from XP/Win8

 

I tried to use serveradmin as suggested in a blog http://krypted.com/windows-server/yosemite-server-smb-and-windows/
$server: sudo serveradmin settings smb:ntlm auth = "yes"

$server: sudo serveradmin stop smb

$server: sudo serveradmin start smb

 

However the result saying issue remains, as the excerpt from the log displays

od failed with 2 proto=ntlmv1

user=domain\\username

kdc failed with -1561745600 proto=ntlmv1

 

I also modified the com.apple.smb.server.plist under /Library/Preferences/SystemConfiguration with the following lines inspired from the Mavericks server:

        <key>AllowNTLMAuth</key>

        <true/>

Still no connection with my company Win 7 possible.

 

Therefore my question to you:

Is there a reliable way to enable Yosemite to perform NTLMv1 authentication. Any hints are highly welcome.

 

Adrian

Mac mini, OS X Yosemite (10.10.1)

Posted on Jan 1, 2015 11:46 PM

Close

Q: NTLMv1 for SMB shares

  • All replies
  • Helpful answers

  • by avonmueh,Solvedanswer

    avonmueh avonmueh Jan 2, 2015 12:28 PM in response to avonmueh
    Level 1 (0 points)
    Jan 2, 2015 12:28 PM in response to avonmueh

    Found the solution:

     

    As explained in this discussion https://groups.google.com/forum/#!topic/uk.comp.sys.mac/4Za7tMNbK2k

    Yosemite is looking for com.apple.GSS.NTLM.plist in /Library/Preferences, which is missing in a freshly installed system.

     

    Thus provide the following content

    --- com.apple.GSS.NTLM.plist to be located in /Library/Preferences ---

    <?xml version="1.0" encoding="UTF-8"?>

    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

    <plist version="1.0">

    <dict>

          <key>NTLMv1</key>

          <true/>

          <key>NTLMv2</key>

          <true/>

    </dict>

    </plist>

    ---

    and Yosemite 10.10.1 Server will accept authentification by NTLMv1 and NTLMv2. Thus Windows 7 boxes in standard configuration can access the SMB share hosted on Yosemite server.

     

    Best wishes,

     

    Adrian

  • by morejanus,

    morejanus morejanus May 28, 2015 11:25 AM in response to avonmueh
    Level 1 (0 points)
    May 28, 2015 11:25 AM in response to avonmueh

    As unbelievable as it seems, I have been fighting this problem for months and months as well. It wasn't until I looked in the Console messages and found something to search on that I found this thread. The moment I created the file, the login from the Windows XP machine started working. I can't believe that Yosemite has been released as long as it has, and yet there is still no option to have this work (as of May 2015). Thanks so much to "Adrian" for figuring this out.