Saturday, March 22, 2008

Get Vista and Samba to work

Early adopters of Microsoft’s new Vista operating system may notice that it will not connect to Samba shared folders out of the box. This will be a bit of a pain for many enterprise customers. The technical reason is that Vista’s default security policy is to use only NTLMv2 authentication. According to a Google search, Samba doesn’t support this yet.
Update: Some readers have pointed out that NTLMv2 authentication is supported in Samba 3.0. However, this certainly wasn't an option to get this running in my instance.
To get Vista to work with Samba, follow the simple instructions below:
1. Open the Run command and type "secpol.msc".
2. Press "continue" when prompted by Vista.
3. Click on "Local Policies" --> "Security Options".
4. Navigate to the policy "Network Security: LAN Manager authentication level" and open it.
5. By default Windows Vista sets the policy to "NTLMv2 responses only". Change this to "LM and NTLM – use NTLMv2 session security if negotiated".
Once you’ve done this, Windows Vista will be able to view network drives on Samba servers, and the change should fix any issues around using Samba as a Primary Domain Controller.

----------- TRY THIS #1

You could simply use the default Vista settings and do the following:
On the *nix box (or over ssh to it), run:

vi /etc/samba/smb.conf

Then edit the smb.conf file to include the following lines in the [global] section. Make sure the actual domain name (realm) is in UPPER CASE (e.g. realm = MYDOMAIN.LOCAL).

idmap gid = 10000-20000
netbios name = yourmachinename
idmap uid = 10000-20000
workgroup = WORKGROUP
os level = 20
security = ADS
encrypt passwords = yes
winbind trusted domains only = yes
winbind enum users = no

Now on the *nix box enter:
/etc/init.d/smb restart
/etc/init.d/nmb restart    # only if not restarted by smb
/etc/init.d/winbind restart

net join -U administrator -S FQDN_of_Server

When requested, enter the password, and your Samba server will be a domain member.
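A check that could be run over the edited smb.conf before restarting the services, so that Vista can stay on its NTLMv2-only default: this is an added example, not code from the original post. It reads the file the way Samba treats names (case and spaces ignored) and reports which authentication settings in [global] still allow LM, NTLMv1 or plaintext. The function names and the sample file are constructed for illustration, and counting lines that precede any section header as [global] is an assumption of this example.

```python
import re

# [global] settings that govern LM/NTLMv1/plaintext, with the value that rules them out.
NTLM_PARAMS = {"lanman auth": False, "ntlm auth": False, "client lanman auth": False,
               "client plaintext auth": False, "client ntlmv2 auth": True,
               "encrypt passwords": True}
BOOLS = {"yes": True, "true": True, "1": True, "no": False, "false": False, "0": False}

def norm(name):  # Samba ignores case and whitespace in section and parameter names
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):  # -> {section: {param: value}}, names normalised
    sections = {"global": {}}
    current = sections["global"]  # assumption: lines before any header count as [global]
    pending = ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.endswith("\\"):  # trailing backslash continues on the next line
            pending = line[:-1]
        elif line and line[0] not in "#;":  # skip blank lines and comments
            header = re.fullmatch(r"\[(.+)\]", line)
            if header:
                current = sections.setdefault(norm(header.group(1)), {})
            elif "=" in line:
                key, value = line.split("=", 1)
                current[norm(key)] = value.strip()
    return sections

def audit_ntlm(text):
    """'ok', 'weak', 'other' (non-boolean) or 'unset' (the version's default applies)."""
    glob = parse_smb_conf(text)["global"]
    report = {}
    for name, safe in NTLM_PARAMS.items():
        value = glob.get(norm(name))
        flag = BOOLS.get((value or "").lower())
        status = "other" if flag is None else "ok" if flag == safe else "weak"
        report[name] = "unset" if value is None else status
    return report

# Constructed sample, modelled on the settings discussed in this post.
SAMPLE = """[global]
   Encrypt Passwords = yes
   client lanman auth = no
   client NTLMv2 auth = yes
   LANMAN AUTH = Yes
[share]
   ntlm auth = yes
"""
print(audit_ntlm(SAMPLE))
```

Parameters reported as "unset" fall back to the default of the installed Samba version, which `testparm -v` prints.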

----------- TRY THIS #2

KDE Control Panel Samba smb.conf editing utility, and I find a tick box to enable NTLMv2 in Advanced tab > Security > Authentication tab.

----------- TRY THIS #3

If you're running a version of Vista that cannot use secpol.msc, you can edit the registry instead. Just change the value of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LMCompatibilityLevel from a 3 to a 1.


I have a CentOS 5 server running Samba (latest Redhat SAMBA) which is a member server of a M$ Active Dir Domain, and I have found that Vista running SP1 cannot connect to any share if you use authenticated users in your SMB.conf, e.g. valid users = domain+username. This did work before SP1 was installed on Vista, and it does still work on XP. If there are no permissions set on the share, then you can go into the share. I have attached a copy of my SMB.conf.
Any help to fix this would be great.

# Global parameters
workgroup = WORKGROUP
server string =
# security = domain
security = ADS
auth methods = sam, winbind
log file = /var/log/samba/%m.log
preferred master = No
wins server =
ldap ssl = no
default service = homes
idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /home/winnt/%D/%U
template shell = /bin/bash
winbind separator = +
dns proxy = yes
winbind nested groups = yes

#for Vista compatibility
client lanman auth = no
client ntlmv2 auth = yes
domain logons = yes
path = /
valid users = "DC+lay" "DC+admin"
admin users = "DC+lay" "DC+admin"
write list = "DC+lay" "DC+admin"
path = /


