From: Greg Ercolano <erco@(email surpressed)> Subject: [Q+A] Adding new win7 machine to a network with a Mac/samba fileserver, Date: Fri, 28 Jan 2011 09:11:44 -0800 |
Msg# 2006 View Complete Thread (1 article) | All Threads Last Next |
> We added our first Windows7 machine to our network which has a fileserver > running Mac OSX with stock samba. When our rush job runs on the win7 box we get: > > "Logon failure: unknown user name or bad password" > > ..in the "frames" report (under the notes field) > > We then tried your suggestion to try to access the directory > by logging in as the user we have the rush service running as, > if we just go into DOS and try to access the drive, we do get > the same error.. Good -- that means you can replicate the problem without rush, and approach it as a Windows administration issue. See below for possible solution. > ..however, if we browse through the GUI file browser, it pops > up a dialog asking us for our login/password, and if we type > the same username/password, we can then browse the server..! The popup dialog is showing you there's a problem with authentication between the two machines. The fact it works the second time with the same login/pass is dubious; sounds like Microsoft being inconsistent about how it handles authentication here. I know that in Win7 (and I think Vista too) MS switched to a stronger form of 128-bit encryption for logins. I'm guessing that when you login to the window manager, win7 is using the new stronger authentication that your older versions of windows didn't use, and fails because the server isn't configured to handle this new encryption. Yet when MS pops that secondary dialog after trying to browse through the GUI, it /sounds/ like that dialog is doing an extra step where it first tries strong encryption to access the drive, and if that fails, falls back to the old authentication technique, and succeeds with that, making the drive accessible. Thing is, this is not a solution; Rush can't answer that secondary dialog; you have to get the machine to work correctly with the file server using the user's actual authentication the OS is using. SOLUTION As you've confirmed, the following solved your problem; configuring the Win7 machine to use the older form of authentication with your server: * * * * * * * * * On your win7 machine.. 1) Go into: Control Panel > Administrative Tools > Local Security Policy 2) In the dialog that appears, go into: Local Policies > Security Options 3) In the large list, change these two options: POLICY SECURITY SETTING -------------------------------------------------- ------------------------ Network security: LAN Manager authentication level Send LM & NTLM responses Minimum session security for NTLM SSP Disable Require 128-bit encryption * * * * * * * * * Of course the other way to solve this would be to upgrade your file server to support the newer encryption, but since you're in production, the above is probably your best choice until you have time to investigate upgrading the server's samba. |