Environment
Novell NetWare 6.5 Support Pack 5
n65nss5a.exe
CIFS.NLM
Situation
Vista x86, x64, and XP Professional x64 machines, without a
Novell client, are unable to connect to a NetWare 6.5 SP5 server
using CIFS.
XP Professional SP2 x86 machines are successful in making a connection to the sameNetWare 6.5 SP5server via CIFS.
Verification tests were run with the workstations in workgroup mode and "out of the box" security settings.
XP Professional SP2 x86 machines are successful in making a connection to the sameNetWare 6.5 SP5server via CIFS.
Verification tests were run with the workstations in workgroup mode and "out of the box" security settings.
Resolution
- Verify that the NetWare 6.5 SP5 server is running the NSS and
CIFS code currently found in then65nss5a.exepatch, or later releases of this code. (Later releases will
follow the naming convention but have an incremented version
number. For example: n65nss6.exe)
- On the workstation change the "Network security: Lan Manager authentication level" policy to "Send LM & NTLM - use NTLMv2 session security if negotiated"
- On the workstation change the "Network security: Lan Manager authentication level" policy to "Send LM & NTLM - use NTLMv2 session security if negotiated"
Additional Information
There have been changes in the default "Network security: Lan
Manager authentication level" policy in the Windows platforms post
XP Professional SP2 x86. It appears that XP Professional x64
defaults to "Send NTLM response only", and Vista x86 & Vista
x64 both default to "Send NTLMv2 response only".
Setting the "Network security: Lan Manager authentication level" on these machines to"Send LM & NTLM - use NTLMv2 session security if negotiated" will address this issue.
A couple of links:
Network security: LAN Manager authentication level
http://technet2.microsoft.com/WindowsServer/en/library/22d98712-9349-44fb-8e69-1190ea0d039a1033.mspx?mfr=true
Protect Against Weak Authentication Protocols and Passwords
http://www.windowsecurity.com/articles/Protect-Weak-Authentication-Protocols-Passwords.html
Author: Derek Melber
Setting the "Network security: Lan Manager authentication level" on these machines to"Send LM & NTLM - use NTLMv2 session security if negotiated" will address this issue.
A couple of links:
Network security: LAN Manager authentication level
http://technet2.microsoft.com/WindowsServer/en/library/22d98712-9349-44fb-8e69-1190ea0d039a1033.mspx?mfr=true
Protect Against Weak Authentication Protocols and Passwords
http://www.windowsecurity.com/articles/Protect-Weak-Authentication-Protocols-Passwords.html
Author: Derek Melber