Apple Event: May 7th at 7 am PT
I have upgraded from El-Cap to Sierra and file share across our network (NTLMv1 authentication) will now not work.
Worked perfectly with NTLMv1 enabled in El-Cap via script in com.apple.GSS.NTLM.plist file (see NTLMv1 for SMB shares)
Anyone got a fix or a solution for this?
MacBook Pro, macOS Sierra (10.12)
Have you tried the Microsoft "fix" described at https://support.microsoft.com/en-us/kb/2793313 for affected Windows machines?
This looks like a very old fix - I am using Windows 10 across a network that uses only NTLMv1 authentication so need a way of forcing Sierra to accept this - network managers will not upgrade our network to v2
I think you're out of luck. I checked the following macOS Sierra shared object binaries and they only allow NTLMv2:
/usr/lib/pam/pam_ntlm.so.2
/usr/lib/sasl2/libntlm.so
/usr/lib/sasl2/smb_ntlmv2.so
Thanks for checking - looks like I have to wait to see if apple will release a fix - OR go back to El-cap. I would expect this would affect quite a lot of users.
We are finding a few differences between elcapitan & sierra when connecting to older filestore ie cifs/smb (Specifically Netware & OES 11SP2)
1) Authentication:
On el capitan & earlier we had for each user ~/Library/Preferences/nsmb.conf with
[default]
minauth=ntlm
This is still required
2) Need to connect via netbios on port 139.
over the years there have been several tricks - for sierra we are using
smb://<server>:139/<share>
This forces use of port 139 rather than 445 (check with netstat -a on terminal session)
If you get an immediate error indicating there are no connections on the server - you're probably trying to connect on the (closed) port 445. If you get a request for credentials - you've established session comms over port 139
3) Need to specify a sharename in the url
previously users could just specify the server name & available shares would be presented after authentication. Doesn't seem to work connecting to cifs/smbv1 servers, ie share name is mandatory.
Hope this helps
We are still at the early stages of dealing with inconsistencies in the user experience. For us the above seems to work - for users we are still getting reports of things not working - but we can't be sure they've followed instructions correctly (or even entered the correct credentials !)
thanks for the reply - I gave up and, wiped my instalation and have gone back to El-Cap (it took a full day as I had problems getting my back-up of time capsule). It is possible that your point (3) could have been the problem as indeed I was attempting to connect to the server, not the share but I have no way to test it now.
If anyone gets Sierra SMB shares working on servers using NTLM1 please post how and whether the tips above work?
I have used com.apple.GSS.NTLM.plist in el capiton, But while 'launchctl load -w /Library/Preferences/com.apple.GSS.NTLM.plist' it is throughing message that '/Library/Preferences/com.apple.GSS.NTLM.plist: Invalid or missing service identifier'. While checking in system log it is saying that ' com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system): Could not import service from caller: path = /Library/Preferences/com.apple.GSS.NTLM.plist, caller = launchctl.22853, error = 110: Invalid or missing service identifier'. Please help me in this. My com.apple.GSS.NTLM.plist entry is as follows:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" \
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Newitem</key>
<string>--- com.apple.GSS.NTLM.plist to be located in /Library/Preferences ---</string>
<key>Newitem2</key>
<dict>
<key>NTLMv1</key>
<true/>
<key>NTLMv2</key>
<true/>
</dict>
</dict>
</plist>
~
Please help me in this
NTLMv1 fix for SMB File share broken in Sierra
