From: Greg Ercolano <erco@(email surpressed)>
Subject: [Q+A] Adding new win7 machine to a network with a Mac/samba fileserver,
   Date: Fri, 28 Jan 2011 09:11:44 -0800
Msg# 2006
> We added our first Windows7 machine to our network which has a fileserver
> running Mac OSX with stock samba. When our rush job runs on the win7 box we get:
>
>     "Logon failure: unknown user name or bad password"
>
> ..in the "frames" report (under the notes field)
>
> We then tried your suggestion to try to access the directory
> by logging in as the user we have the rush service running as,
> if we just go into DOS and try to access the drive, we do get
> the same error..

	Good -- that means you can replicate the problem without
	rush, and approach it as a Windows administration issue.
	See below for possible solution.

> ..however, if we browse through the GUI file browser, it pops
> up a dialog asking us for our login/password, and if we type
> the same username/password, we can then browse the server..!

	The popup dialog is showing you there's a problem
	with authentication between the two machines.

	The fact it works the second time with the same login/pass
	is dubious; sounds like Microsoft being inconsistent about
	how it handles authentication here.

	I know that in Win7 (and I think Vista too) MS switched to a
	stronger form of 128-bit encryption for logins. I'm guessing
	that when you log in to the window manager, win7 is using the new
	stronger authentication that your older versions of Windows
	didn't use, and fails because the server isn't configured
	to handle this new encryption.

	Yet when MS pops that secondary dialog after trying to browse
	through the GUI, it /sounds/ like that dialog is doing an extra
	step where it first tries strong encryption to access the drive,
	and if that fails, falls back to the old authentication technique,
	and succeeds with that, making the drive accessible.

	Thing is, this is not a solution; Rush can't answer that secondary
	dialog; you have to get the machine to work correctly with the file
	server using the user's actual authentication the OS is using.

SOLUTION
	As you've confirmed, the following solved your problem: configuring
	the Win7 machine to use the older form of authentication with your server:

			* * *   * * *   * * *

    On your win7 machine..

    1) Go into: Control Panel > Administrative Tools > Local Security Policy
    2) In the dialog that appears, go into: Local Policies > Security Options
    3) In the large list, change these two options:

    POLICY                                               SECURITY SETTING
    --------------------------------------------------   ------------------------
    Network security: LAN Manager authentication level   Send LM & NTLM responses
    Minimum session security for NTLM SSP                Disable Require 128-bit encryption

			* * *	* * *	* * *

	Of course the other way to solve this would be to upgrade your
	file server to support the newer encryption, but since you're in
	production, the above is probably your best choice until you have
	time to investigate upgrading the server's samba.
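
To keep track of which machines carry this workaround until the server's samba is upgraded, the two policies can be read back from the registry values behind them. This is an added example, not part of the original post: a read-only PowerShell check whose function name is hypothetical, and which assumes the client-side NTLM SSP policy (the NtlmMinClientSec value) is the one that was changed.

```powershell
# Added example (not from the original post). Get-NtlmClientPolicy is a
# hypothetical helper name. Read-only: it changes nothing on the machine.
function Get-NtlmClientPolicy {
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

    # Registry data values behind "LAN Manager authentication level"
    $levelNames = @{
        0 = 'Send LM & NTLM responses'
        1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
        2 = 'Send NTLM response only'
        3 = 'Send NTLMv2 response only'
        4 = 'Send NTLMv2 response only. Refuse LM'
        5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
    }

    # A missing value comes back as $null, meaning the policy was never set
    $level  = (Get-ItemProperty $lsa -ErrorAction SilentlyContinue).LmCompatibilityLevel
    $minSec = (Get-ItemProperty "$lsa\MSV1_0" -ErrorAction SilentlyContinue).NtlmMinClientSec

    $levelText = 'not set (OS default applies)'
    if ($level -ne $null) { $levelText = $levelNames[[int]$level] }

    # NtlmMinClientSec is a bit mask; $null here means "not set"
    $need128 = $null
    $needV2  = $null
    if ($minSec -ne $null) {
        $need128 = (([int]$minSec -band 0x20000000) -ne 0)   # Require 128-bit encryption
        $needV2  = (([int]$minSec -band 0x00080000) -ne 0)   # Require NTLMv2 session security
    }

    New-Object PSObject -Property @{
        Computer             = $env:COMPUTERNAME
        LmCompatibilityLevel = $level
        LanManagerAuthLevel  = $levelText
        Require128Bit        = $need128
        RequireNtlmV2Session = $needV2
        # True only when both settings match the table in this post
        MatchesWorkaround    = (($level -eq 0) -and ($need128 -eq $false))
    }
}

Get-NtlmClientPolicy | Format-List
```

Run it from a PowerShell prompt on the win7 machine; MatchesWorkaround is True when both settings are as shown in the table above.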