Early adopters of Microsoft’s new Vista operating system may notice that it will not connect to Samba share folders out of the box. This will be a bit of a pain for many enterprise customers. The technical reason is because Microsoft Vista’s default security policy is to only use NTLMv2 authentication. According to a Google search Samba doesn’t support this yet.
Update: Some readers have pointed out that NTLMv2 authentication is supported in Samba 3.0. However, this certainly wasn't an option to get this running in my instance.
-------- TRY THIS #4
To get Vista to work with Samba follow the simple instructions below:
1. Open the Run command and type "secpol.msc".
2. Press "continue" when prompted by Vista.
3. Click on "Local Policies" --> "Security Options"
4. Navigate to the policy "Network Security: LAN Manager authentication level" and open it.
5. By default Windows Vista sets the policy to "NTVLM2 responses only". Change this to "LM and NTLM – use NTLMV2 session security if negotiated".
Once you’ve done this Windows Vista will be able to view network drives based on Samba servers and should fix any issues around using Samba as a Primary Domain Controller.
----------- TRY THIS #1
You could simply use the default Vista settings and do the following:
On the *nix box (or ssh onto it) run
vi /etc/samba/smb.confthen edit the smb.conf file to include the next lines in the GLOBAL section. Make sure the actual domain name (realm) is in UPPER CASE (i.e realm = MYDOMAIN.LOCAL)
[global]
idmap gid = 10000-20000
netbios name = yourmachinename
idmap uid = 10000-20000
workgroup = WORKGROUP
os level = 20
security = ADS
encrypt passwords = yes
winbind trusted domains only = yes
realm = YOURDOMAIN.INT
winbind enum users = noNow on the *nix box enter:/etc/init.d/smb restart
/etc/init.d/nmb restart -(if not restarted by smb)
/etc/init.d/winbind restart
net join -U administrator -S FQDN_of_Serverwhen requested enter the password and your samba will be a domain member.
----------- TRY THIS #2
KDE Control Panel Samba smb.conf editing utility and I find a tick box to enable NTLMv2, in Advanced tab > Security > Authentification tab .
----------- TRY THIS #3
If you're running a version of Vista that cannot use secpol.msc, you can edit the registry instead. Just change the value of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LMCompatibilityLevel from a 3 to a 1.
----------- THIS IS A SIMILAR PROBLEM
I have a Centos 5 Server running Samba (latest Redhat SAMBA) which is a member server of a M$ Active Dir Domain and I have found that Vista running SP1 can not connect to any share if you use authenticated users in your SMB.conf eg valid users = domain+username This did work before SP1 was installed on Vista and it does still work on XP. If there is no permissions set on the share then you can go into the share. I have attached a copy of my SMB.conf.
Any help to fix this would be Great.
# Global parameters
[global]
workgroup = WORKGROUP
realm = DC.DOMAIN.NET
server string =
# security = domain
security = ADS
auth methods = sam, winbind
log file = /var/log/samba/%m.log
preferred master = No
wins server = 10.3.0.124
ldap ssl = no
default service = homes
idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /home/winnt/%D/%U
template shell = /bin/bash
winbind separator = +
dns proxy = yes
winbind nested groups = yes
#for Vista compatibility
client lanman auth = no
client ntlmv2 auth = yes
domain logons = yes
[c$]
path = /
valid users = "DC+lay" "DC+admin"
admin users = "DC+lay" "DC+admin"
write list = "DC+lay" "DC+admin"
[c]
path = /
